How agencies can protect against phishing attacks
- By Christian Have
- Nov 20, 2018
Public networks -- government, commercial and personal -- are facing unprecedented levels of attack by cyber criminals. Despite the threats governments specifically face, many are not implementing the proper tools, people or protocols to safeguard their agencies, leaving them at risk of exposing their systems to cyber terrorism and criminality.
While phishing scams have a reputation for mimicking government emails, often times, those emails can be turned on agencies themselves. Phishing attacks have been used by cyber criminals for years, often playing on the “immediacy” of email to trick agency users into revealing their credentials.
The threat of phishing emails is high across all industries; however, government agencies must be particularly proactive about guarding against suspicious emails to avoid exposing sensitive, and even classified, information.
As with any potential exploit, defending against phishing attacks involves a combination of policies, procedures and controls. It often comes down to people and technology working together to protect against threats by:
Investing in user training. The first line of defense is always to create a culture of cyber awareness. Agencywide training sessions that highlight the techniques potential attackers might use can enable teams to be more vigilant about potential attacks.
Bringing a cybersecurity expert on board. Enterprises should consider adding a cybersecurity expert to their team or bringing an outside expert on board to implement the right defenses to protect a agency and its data. These experts have the expertise to ensure organizations are using the most appropriate tools to protect their people and systems against threats.
Implementing stringent technology controls. There are many controls that can be deployed to plug potential security gaps. Recent advances in machine learning and artificial intelligence allow for more precise identification of high-risk users. User and entity behavioral analysis platforms use ML and IA to understand what "normal" activity on an organization’s infrastructure looks like. If anything abnormal is identified, the platform will access a risk profile and notify security analysts or take some remedial action to nullify the attack.
When in doubt, check and check again
Inadvertent insider threats are a bigger risk than many might think. Disgruntled employees, workers with expiring contracts or financially desperate staff may be to blame for suspicious, potentially harmful behavior. To protect themselves and critical business data, agencies should train users to spot phishing emails by:
Checking spelling, grammar and sender info. One of the key signs of a phishing email is poor spelling or grammar, as well as the use of seemingly familiar sender addresses, but with very minor differences. Employees should always check the sender's email to confirm the address is legitimate. For unexpected emails, they should look for any language or spelling clues that suggest it may not be from a legitimate source.
Taking a closer look at hyperlinks. Emails often use hyperlinks for further information. With phishing attacks, however, these hyperlinked URLs are frequently different from the one displayed in the email. For example, the link may suggest it is from a legitimate organization, but hovering over the URL may reveal a destination completely different from what was suggested. Users should not click on any attachments or hyperlinks that appear not to be authentic.
Gauging the urgency. Often the phishing email will use social engineering to try to trick recipients into taking immediate action, such as asking users to verify bank account details because they've won a prize. Phishers also take advantage of people's generosity after a disaster to dupe them into making a donation on a fraudulent charitable website that infects users' devices or steals their donation and payment information.
For government agencies, operating efficiency is a must. While IT systems are helping to meet that need -- enabling easier communication, accessibility, mobility, convenience and productivity -- that connectivity comes with the risk of data breaches.
With software and operating system vulnerabilities becoming a cornerstone of modern cyber warfare, agencies’ IT infrastructure is more vulnerable to unexpected attacks than ever before. Government information security relies on the right solution -- now more than ever.
Christian Have is chief product officer at LogPoint.