September 18, 2012

Insights from Top CSOs: 100 Percent Concerned About Spear-Phishing

Jason Clark

CSO on the RoadI recently hosted a Websense customer round-table discussion with 20 CSOs from top U.S. companies. We swapped war stories, hashed out the security challenges they face every day and they shared how they’ve been successful. These CSOs work in a variety of industries, including federal, finance and healthcare. Recently, there have been a number of highly public targeted attacks, which led to a lengthy discussion on spear-phishing. I found their insights very valuable and I wanted to share some key points below.

Today’s phishing attacks are lower volume (slow-and-low for evasion), highly targeted and look legitimate. Malware is also increasingly delivered via an embedded URL, which might not be live until days after the email is sent. In addition, many of the CSOs also received variants of spear-phishing via SMS during the meeting.

100 percent of all the CSOs were very concerned about spear-phishing. Everyone felt their CEO would click on an infected spear-phishing link if an email got through. We all agreed there needs to be a published strategy for effectively dealing with spear-phishing blind spots. It came down to a three-pronged approach designed to stop 95-99 percent of spear-phishing attempts:

  1. Employee education: The human element is incredibly important. Everyone agreed that employee education is fundamental to preventing a spear-phish attack. Consider pen-testing your users. Show them why they need to think before they click. Also, use a combination of audio and visual education methods like videos, webinars, newsletters and in-person trainings.

    Many of these CSOs had employee education programs in place that addressed the topic at hire and on an on-going basis. The result isn’t really employee education or security awareness, it’s behavior modification.

  3. Inbound email sandboxing: Most of these CSOs were Websense TRITON customers and cited our new email sandboxing feature as a very effective way of stopping targeted spear-phishing. When an email recipient clicks on an embedded URL, Websense analyzes the website content and browser code in real time, in a cloud environment, to ensure safety in any location at any time. This protects against a new phishing tactic we have seen from the bad guys. They send a clean URL in an email to their targets to get through the organization’s email security. After it is received, they will inject malicious code into the site.

  5. Real-time analysis and inspection of your web traffic: Stop malicious URLs from even getting to your users’ inboxes at your gateway. Even if you have inbound email sandboxing, some users might click on a link through a personal email account, like Gmail. In that case, your email spear-phishing protection is unable to see the traffic. Your web security gateway needs to be intelligent, analyze content in real time, and be 95+ percent effective at stopping malware.

If you want to know how to quickly test your controls for this approach, let me know and I will be happy to share how to do it. In addition, every CSO in our roundtable said they rely on multiple layers of defense to stop spear-phishing attempts. For example, if an attacker hooked an unassuming employee with a spear-phish, a DLP system with enabled data theft defenses would prevent corporate intellectual property from being stolen. It’s critical that your most sensitive data is retained and contained. 

It’s scary to think that almost every company in the world has a big spear-phishing blind spot, which can quickly ruin your day and possibly destroy your business. For more information spear-phishing protection, feel free to download this guide to “Defending Against Today's Targeted Phishing Attacks.”

If you have any questions about our discussion, feel free to drop me a comment or contact me via LinkedIn:

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.