Greater use of Automated Incident Response is what’s needed to Combat Phishing and Improve Security
As law firms begin to plan their cybersecurity strategy for 2020 and beyond, email security will certainly be high on the agenda. That’s because phishing attacks continue to increase in sophistication and frequency, and email remains the number one vector for all cyber incidents. In fact, 90% of all cyberattacks begin with email, and the breadth of phishing detection, prevention, and response has become the ultimate IT team burden.
One thing is clear: law firms are losing the email security battle. This unpopular truth exists partially because of the complex email threat landscape. After all, it’s almost impossible for any organization to proactively defend against 130 million phishing attacks per quarter. Another contributing factor is the proliferation of payload-less, social engineering-driven phishing, such as business email compromise (BEC) and account takeover (ATO), which enable attackers to bypass traditional server-level email security tools and trick human defenses with relative ease.
When it comes to phishing mitigation, the industry is guilty of holding the same conversations that it’s had for the past several years. Comparing and contrasting secure email gateways. Evaluating both the real and perceived benefits of phishing awareness training. Debating the pros and cons of authentication and encryption protocols. While all three tactics remain popular, they are increasingly ineffective.
As we approach 2020, it’s time to move away from past methods and focus on what’s needed to defeat phishing going forward. From decentralized threat intelligence sharing and greater public-private collaboration to automatic incident response and mailbox-level security, these safeguards are better suited to the future of anti-phishing because they rely on human and technical controls working together.
Evolution of Email Security
Ten years ago, organizations relied almost entirely on spam filters and antivirus software to protect against Nigerian scams. Eventually, antivirus products were rejected as the sole line of email defense, as attackers found creative and cost-effective ways to defeat these controls.
Phishing technique advancements prompted secure email gateways (SEGs) to enter the market, and this technology remains the most common phishing prevention method. Around the same time as SEGs, security training became part of the law firm security blanket, and employers attempted to gain some advantage over attackers by using employees to identify and corral suspicious messages.
Unfortunately, attackers responded to the increased employee awareness and SEG technology by creating new attack techniques that bypass common email security controls. In response, many enterprises have added gamification to their security training to bolster employee situational awareness while also implementing authentication and encryption protocols.
While such countermeasures are effective from time to time, attackers continue to have the upper hand while enterprises look toward 2020 for a silver bullet. Guess what? There isn’t one.
Email Security Challenges
The email security industry is in an intense debate over which technologies, standards and protocols can deliver the most protection and reduce the most risk. The common arguments are a bit ironic when considering that successful cyberattacks continue to cost firms ransom money and brand damage.
The most common arguments include:
- Encrypt all email messages
- Phishing awareness training should be mandatory for all organizations
- Robust email security requires two-factor authentication
- Incident response requires automation
While none of these trending arguments are wrong, they all assume that email security is a challenge that can be eradicated with a singular solution driven by either technology or people. History has taught us that attackers will evolve and find a way to defeat whatever human and technical controls a law firm deploys.
SOCs & MSSPs
As we move into 2020 and a new decade, the conversations surrounding email security must evolve from comparing anti-phishing and email security tools, protocols, and trainings to resolving non-phishing email security challenges that are at the center of elevating risk. This includes the need to educate the next generation of the cybersecurity workforce and to decentralize threat intelligence sharing so that firms can protect their assets and, most importantly, their clients’ data.
By encouraging decentralized threat intelligence, security teams can have access to hundreds of thousands of trending threats worldwide, allowing them to be proactive in defense instead of reactive. Security Operations Center (SOC) as a service is one way security teams can have access to thousands of trending threats worldwide, allowing them to be proactive in defense instead of reactive.
What about smaller firms that are also at risk from these same threats? Taking advantage of a Managed Security Service Provider (MSSP) is an inexpensive way to leverage an in-house cybersecurity staff. Beyond pooling knowledge of threat intelligence, using an MSSP can also save organizations money on equipment, software tools and other operational costs.