Following on from last week’s mailer, where we discussed the various kinds of phishing attack and how your organisation can defend against them, this article discusses the advantages of a multi-layered approach to securing your organisation against phishing threats.
Rather than relying solely on training employees to spot and resist phishing attacks, multi-layered security takes a more holistic approach to organisational security, combining several proactive measures. Each layer you introduce is another opportunity to detect and stop a phishing attack before it takes hold, so a failure of any single control, including a user who clicks, is not enough for the attack to succeed.
This guidance is split into four sections:
Layer 1 – Make It Difficult for Attackers to Reach Your Users
Set up defences that make it difficult for attackers even to reach your end users. These include: protecting your email domains from being spoofed, reducing your organisation's digital footprint (the public information an attacker can use to make a lure convincing), and filtering or blocking incoming phishing emails before they reach the inbox. Introducing these measures is the first step in defending against phishing threats.
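As an added example that is not part of the original mailer or SES's tooling, the Python below checks SPF and DMARC TXT records, the two standard DNS controls behind "protecting your emails from being spoofed", for the settings that leave a domain spoofable or leave you blind to spoofing attempts. The domains and records are constructed for illustration; a real check would fetch each domain's TXT records over DNS instead of using the hard-coded dictionary.

```python
"""Audit SPF and DMARC records for anti-spoofing weaknesses.

Added example: SAMPLE_RECORDS is constructed data for invented domains, and
the checks are the editor's own, not SES's. In production, resolve the TXT
records for <domain> and _dmarc.<domain> over DNS instead.
"""
import re

# Constructed sample records (invented domains, not real DNS data).
SAMPLE_RECORDS = {
    "weak.example": {
        "spf": "v=spf1 include:_spf.mail.example ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    },
    "strong.example": {
        "spf": "v=spf1 ip4:203.0.113.0/24 -all",
        "dmarc": "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@strong.example",
    },
    "none.example": {"spf": None, "dmarc": None},
}

# SPF terms that cost a DNS lookup; RFC 7208 section 4.6.4 allows at most 10.
LOOKUP_RE = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|ptr\b|exists:|redirect=)", re.I)
# Strength ordering of DMARC policies, used to compare p= against sp=.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_tags(record):
    """Parse DMARC 'k=v; k2=v2' syntax into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record):
    """Return a list of human-readable findings for one SPF record."""
    if record is None:
        return ["no SPF record: any host may send as this domain"]
    if not record.lower().startswith("v=spf1"):
        return ["malformed SPF record (missing v=spf1)"]
    findings = []
    mechanisms = record.split()[1:]
    all_terms = [m.lower() for m in mechanisms if m.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("no terminal 'all' mechanism: unknown senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("'+all' permits any host to send as this domain; use '-all'")
        elif qualifier == "~":
            findings.append("'~all' only softfails spoofed mail; prefer '-all'")
        elif qualifier == "?":
            findings.append("'?all' is neutral, so spoofed mail is not rejected; use '-all'")
    lookups = sum(1 for m in mechanisms if LOOKUP_RE.match(m))
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms: receivers will return permerror")
    return findings


def check_dmarc(record):
    """Return a list of human-readable findings for one DMARC record."""
    if record is None:
        return ["no DMARC record: receivers cannot apply a policy to spoofed mail"]
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["malformed DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to spam; move to p=reject once reports are clean")
    elif policy != "reject":
        findings.append("missing or invalid 'p' tag")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("pct is not a number")
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    sub_policy = tags.get("sp", policy).lower()
    if POLICY_RANK.get(sub_policy, -1) < POLICY_RANK.get(policy, -1):
        findings.append(f"sp={sub_policy}: subdomains get a weaker policy than the organisational domain")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so spoofing goes unseen")
    return findings


def assess(records):
    """Audit every domain; 'enforced' is True only when DMARC actually acts on failures."""
    report = {}
    for domain, rec in records.items():
        policy = parse_tags(rec.get("dmarc") or "").get("p", "").lower()
        report[domain] = {
            "spf": check_spf(rec.get("spf")),
            "dmarc": check_dmarc(rec.get("dmarc")),
            "enforced": policy in ("quarantine", "reject"),
        }
    return report


if __name__ == "__main__":
    for domain, result in assess(SAMPLE_RECORDS).items():
        print(domain, "enforced" if result["enforced"] else "NOT enforced")
        for finding in result["spf"] + result["dmarc"]:
            print("  -", finding)
```

The audit is deliberately conservative: a domain only counts as "enforced" when its DMARC policy is quarantine or reject, because a correct SPF record with p=none still lets a spoofed message through to the inbox. Run the same checks against every domain you own, including parked ones that send no mail, since those are the easiest to impersonate.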
Layer 2 – Help Users Identify and Report Suspected Phishing Emails
Every member of your organisation shares responsibility for spotting and containing phishing threats before they take hold. Training staff to recognise these threats, and making it easy and blame-free for them to report suspicious messages and ask for help, will improve your organisation's ability to detect and respond to phishing attempts.
Layer 3 – Protect Your Organisation from The Effects of Undetected Phishing Emails
No filter or user will spot every incoming phishing attack. Therefore, protecting your devices from malware, preventing users from reaching malicious websites, and requiring additional authentication and authorisation (such as multi-factor authentication) for sensitive actions will limit the damage from the attacks that bypass your earlier layers.
Layer 4 – Respond Quickly to Incidents
Security breaches are a case of when, not if: every organisation will face a security incident at some point in its lifecycle. It is therefore essential to be able to detect incidents quickly and to have effective, well-rehearsed incident response plans in place.
To measure how effective your anti-phishing controls actually are, SES recommend performing Simulated Phishing Attacks in addition to adopting the multi-layered approach outlined above.
These simulated attacks can be tailored to your organisation and show how well your preventative measures perform at each of the four layers discussed above.
Simulated Phishing Attacks begin with SES’s consultants researching your digital footprint to gather information that makes their lures more specific and relevant, and therefore more convincing. The more information SES’s consultants can easily discover about a target organisation, the easier it is for them to mount an effective simulated attack, which is itself a finding about Layer 1.
By performing Simulated Phishing Attacks, SES’s consultants can assess your organisation's defences against phishing threats and its reporting culture. If simulated attacks succeed in bypassing your defences, our consultants can then determine how susceptible your organisation is to malware and test the effectiveness of the incident response plans you have created.
Once a Simulated Phishing Attack has concluded, SES’s consultants will provide you with a report on their findings and remediation advice to help you improve your organisation's defences.
If you would like more information on creating a multi-layered approach to defending your organisation against phishing attacks and other cyber threats, please get in touch and one of our specialists will get back to you within one business day.
© Financechain Limited trading as SES and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.