Phishing tests our cyber security every day.
Even the best training can’t prevent tired or distracted employees from clicking on a bad link. Fortunately, there are additional defensive layers you can deploy to prevent attacks or provide speedy remediation.
Spelling Mistakes & Inconsistencies
In September, the Emotet botnet sent out emails urging users to upgrade Windows 10 Mobile. But that OS reached end of life in January 2020, and the body of the email still carried 2013 and 2014 dates.
In that case, the attacker’s laziness made the phishing attempt very apparent. While most users wouldn’t fall for something so sloppy, other bad link campaigns are much harder to detect.
For example, a month after the Russian hacking team Fancy Bear sent out malware-laden files posing as NATO training materials, many antivirus programs still did not classify the file as malicious because it closely mirrored an innocuous .jpg file.
When an attack fools antivirus companies, how can users be blamed for clicking?
When you train employees on phishing attacks, make sure to focus on spelling mistakes and inconsistencies in verbiage.
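The date inconsistency in the Emotet lure above can also be checked mechanically. The following is an added example, not code from the original article: it flags a message whose body cites years far older than its Date header. The sample message, the two-year threshold, and the function names are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the lure described above; not a captured email.
SAMPLE = """\
From: "Windows Update" <update@example.com>
To: user@example.org
Subject: Upgrade Windows 10 Mobile
Date: Tue, 15 Sep 2020 09:12:00 +0000
Content-Type: text/plain; charset="utf-8"

Your device requires an upgrade to Windows 10 Mobile.
Release schedule: 12 November 2013. Support starts 3 March 2014.
Open the attached document to continue.
"""

YEAR_RE = re.compile(r"\b(19[89]\d|20\d{2})\b")  # four-digit years 1980-2099

def stale_years(raw, max_age=2):
    """Years in the text body more than max_age years older than the Date header."""
    msg = message_from_string(raw)
    sent = parsedate_to_datetime(msg["Date"])  # raises if missing or malformed
    chunks = []
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, errors="replace"))
    years = {int(y) for y in YEAR_RE.findall("\n".join(chunks))}
    return sorted(y for y in years if sent.year - y > max_age)

def triage(raw):
    """Routing hint for a mail review queue (labels are illustrative)."""
    try:
        old = stale_years(raw)
    except (TypeError, ValueError):
        return "review: missing or unparseable Date header"
    if old:
        return "review: body cites stale years " + ", ".join(map(str, old))
    return "pass"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Legitimate mail also mentions old years (copyright lines, account history), so treat a hit as a reason for a second look, not as a verdict.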
Not all bad links use phishing emails.
For over a decade the members of Wicked Panda used a variety of attacks to sneak malware into companies.
One notable attack was to send a virus-laden resume to human resources departments. In that case, it’s hard to blame HR employees for opening it.
3 Additional Strategies
Clever attackers understand our business practices and how to exploit our natural tendencies.
Even when the security basics are covered (training, segmentation, endpoint security, etc.) you need to be creative to keep ahead of the newest attacks.
Here are three additional strategies designed to minimize the impact of clicking on bad links:
1) Designate an expert to click
Designated IT experts can open files and click links within a “sandbox” environment.
While quite effective, a high volume of user requests will tax your IT department. Consequently, an overwhelmed team may become a bottleneck.
This is best for smaller organizations with at least one very technical employee. If anti-phishing training is strong, there should only be a small number of emails that still require checking by the expert.
2) Designate a sacrificial computer
An old PC can also be deployed as a network-isolated sacrificial computer in a department vulnerable to phishing attacks.
Instead of preventing attacks, this method focuses on quick recovery of a machine that can be wiped and restored easily.
It can be a hassle if the user needs to move to a different machine to check suspicious emails, but it saves IT a lot of time.
It’s a good fit for larger organizations with retired PCs and vulnerable non-technical departments (sales, marketing, HR, etc.).
Virtual Isolation using virtual machines and containers can be set up by IT on local PCs or in the cloud. These options provide self-contained environments which can simply be closed if infected with malware.
However, virtual machines and containers can be tricky to secure properly, and doing so requires highly technical, experienced personnel. Virtual machines also take more time to set up, which initially makes this a more costly option than the first two strategies.
3) Implement Software Isolation
Browser isolation provides a faster, turn-key deployment of isolation through software.
While there are several technical ways to achieve browser isolation, a common implementation is to have users access their email through cloud-based SaaS containers.
Browser isolation appears transparent to the user, so this option typically experiences the least user resistance. Of course, it also typically comes with a monthly fee that can add up.
So, you’ll need to weigh these costs against the labor to implement other solutions, or to remediate against the consequences of a bad click.
As with all technology, these options can be applied throughout your organization or for specific purposes.
A specific subset of vulnerable users might warrant one or more of these extra precautions that do not need to apply to everyone.
Top security stems from layered options. Do you need help with getting it all set up?
With Ideal Integrations, you’ll have an IT partner on your side, 24/7/365. Ready to get started? Complete the form below or call us today at 412-349-6680 to explore your options!