What are you but the sum of your critical data 和 personal information? Okay, we’re exaggerating a bit here, but the point is that protecting yourself from phishing attacks ensures the well-being of your business operations 和 of your people. Unfortunately, you’re up against some persistent attackers; the 反网络钓鱼工作小组 found that over 87,000 unique phishing campaigns are launched every month. 损失是多少?? 的 美国联邦调查局 estimates that business email compromise (BEC) scams alone have caused $5.3 billion in losses to businesses worldwide over three years. 有很多0.
That doesn't mean anti-phishing programs are futile: Susceptibility to phishing is a solvable problem, 和 it starts with your employees. 通过建立 phishing awareness training program 和 equipping your users to detect Indicators of Phishing (more on those later) from the start, you reduce their likeliness to divulge critical information.
Detect Unwanted Behavior on Your Network
Phishing is the most prevalent cybersecurity attack. Detect suspicious behavior before things escalate.
尝试InsightIDRDetecting phishing attacks against your users
Phishing attacks can take many forms, but they tend to employ similar tactics to capture your critical data. Think of the presence of these tactics as clues that there may be malicious intent behind an email.
常见的 Indicators of Phishing (IOPs):
- 海里的鱼太多了? Different Reply To 和 From addresses
- 谁想知道? A contact name or email address you don’t recognize, or a company you don’t do business with
- 很紧急吗?? Deadlines, exclamation marks, 和 text in all caps
- 打得好吗?? Awkward wording 和 spelling errors
- 下载为低? Suspicious or unexpected attachments
- 你是什么星座?? Requests for personal or confidential information (e.g. 密码)
- 这是个陷阱吗?? A disguised link, or a link that does not match the URL displayed when you hover your mouse over it
Ready to proactively spot these IOPs? Detect suspicious activity with a 30-day free trial of InsightIDR. New dog (or rather, phish), old tricks.
Formulating a phishing 事件响应计划
所以你被骗了. (你绝不是个例.) Part of a comprehensive security plan (that includes anti-phishing) is your strategy for response—an 事件响应计划.
When dealing with a phishing incident, there are five major items to check off your list:
- 标识: How will you determine the scope of the incident 和 underst和 its context? What 流程 和 technology do you have in place to identify that a user in your organization has been phished? Do you have visibility into risky or privileged users where you should prioritize follow-up?
- 控制: How will you contain the infection or compromised credentials that are being leveraged against your environment?
- 修复: How will you repair any damage caused by infection or compromised credentials?
- 根本原因分析: How will you determine what broke down in your people, 流程, or technology that allowed this phishing incident to occur?
- Compensating controls/awareness training: What steps will you take to update the configuration or implement new compensating controls to ensure this does not happen again? For the compensating control of user awareness training, 你的目标用户是哪些, 和 what content will you deliver?
Want to go from compromise to containment faster? InsightIDR arms you to also adapt 和 investigate before things get out of control.