How MSSPs Can Protect Endpoints from Phishing
… this particular exploit. It also decreases their susceptibility to social engineering, which is a necessary precondition for targeted spear-phishing attacks in particular.
“The ability to accurately identify targeted social engineering attacks is a skill that is largely untouchable by modern technology,” said Erich Kron, security awareness advocate, KnowBe4, a security awareness training and simulated phishing platform. “However, people are remarkably adept at spotting these attacks once they know what to look for. Without training and education, users may not be aware of the methods that attackers are using, which then reduces the ability for them to protect themselves.”
Importance of Phishing Reporting
While some enterprise IT departments consider phishing too common to warrant a comprehensive reporting system, other security experts disagree. As noted above, a single click on a malicious email can compromise an entire enterprise network, so it is vital that MSSPs treat the reporting infrastructure as seriously as any company-wide phishing awareness campaign.
“Providing services that allow end users to report phishing attacks and get feedback on their reports can go a long way toward building a strong internal security culture,” Kron said. “Reporting helps the MSSP to identify when an organization is a target of a phishing campaign so they can counter the attack. By understanding the attacks users fall for, you can train them to spot these threats as opposed to providing training that may not cover the vulnerability.”
With proper phishing reporting mechanisms in place, what some in cybersecurity have called the weakest link – humans – presents an opportunity to become the most intelligent part of the solution.
“Humans can identify and report false negatives and false positives,” said Adrien Gendre, chief solutions architect at Vade Secure, a predictive email defense vendor. “Large ISPs do this well, and we’re seeing it take hold in the corporate market. The key is closing the loop so that feedback is not just a stopgap, but constantly improving the filter.”
Use Credentials Against Phishing
MSSPs should treat credentials as one part of a multilayer defense, with safeguards at three levels: system, tool, and personal. At the system level, IT administrators should implement modern email authentication with SPF, DKIM, and DMARC, according to Brian Brauchler, technical support manager at Onix, a cloud solutions provider and Google Cloud and AWS partner. At the user or personal level, two-factor authentication should be required.
“For an organization facing phishing, these levels should equate to their IT policies and practices, specific email solution, and individual user knowledge — all three are important and provide redundancy in case one fails,” Brauchler said. “For user accounts, policies should require complex passwords and 2FA — two-factor authentication. The email solution should support these, and users will need assistance setting up and understanding their 2FA options.”
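The system-level controls above are only as good as the DNS records behind them: an SPF record ending in `?all` or a DMARC record with `p=none` lets forged mail through while still looking "deployed". The following script is an added example, not code from the article or from any vendor quoted in it. It parses SPF and DMARC TXT records and flags the settings that leave a domain spoofable, using constructed sample records (the example.net and example.com names are placeholders, not real domains); in practice you would feed it the records fetched from DNS for each customer domain.

```python
"""Check SPF and DMARC TXT records for settings that still allow spoofing."""
import re

# Constructed sample records for demonstration; not taken from any real domain.
WEAK_SPF = "v=spf1 include:_spf.example.net ?all"
STRONG_SPF = "v=spf1 include:_spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

# SPF terms that cost a DNS lookup; RFC 7208 section 4.6.4 caps these at 10,
# and receivers return permerror (no protection) when the cap is exceeded.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Ranking of DMARC policies, used to spot a subdomain policy weaker than the main one.
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism name, raw term) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for part in parts[1:]:
        qualifier = "+"  # RFC 7208: a mechanism with no qualifier means pass
        if part[0] in "+-~?":
            qualifier, part = part[0], part[1:]
        name = re.split(r"[:/=]", part, maxsplit=1)[0].lower()
        terms.append((qualifier, name, part))
    return terms


def spf_findings(record):
    """Return a list of human-readable weaknesses; an empty list means no issue found."""
    findings = []
    terms = parse_spf(record)
    lookups = sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10; "
                        "receivers return permerror and the record protects nothing")
    all_terms = [q for q, name, _ in terms if name == "all"]
    has_redirect = any(name == "redirect" for _, name, _ in terms)
    if not all_terms and not has_redirect:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_terms:
        qualifier = all_terms[-1]
        if qualifier == "+":
            findings.append("'+all' authorises every host on the internet to send as this domain")
        elif qualifier == "?":
            findings.append("'?all' is neutral: unlisted senders are treated as if no SPF existed")
        elif qualifier == "~":
            findings.append("'~all' only softfails forged mail; prefer '-all' once the record is complete")
    return findings


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict, keyed by lowercase tag name."""
    tags = {}
    for part in (p.strip() for p in record.split(";") if p.strip()):
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":  # RFC 7489: the v tag must match exactly
        raise ValueError("not a DMARC record")
    return tags


def dmarc_findings(record):
    """Return a list of weaknesses in a DMARC record; empty means enforcing and reporting."""
    findings = []
    tags = parse_dmarc(record)
    policy = tags.get("p")
    if policy is None:
        findings.append("missing 'p' tag: the record is invalid and receivers ignore it")
    elif policy == "none":
        findings.append("p=none only monitors; mail that fails DMARC is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends forged mail to spam; p=reject blocks it outright")
    elif policy != "reject":
        findings.append(f"unknown policy {policy!r}")
    sub_policy = tags.get("sp")
    if policy in STRENGTH and sub_policy in STRENGTH and STRENGTH[sub_policy] < STRENGTH[policy]:
        findings.append(f"sp={sub_policy} leaves subdomains weaker than the main domain (p={policy})")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no 'rua' address: no aggregate reports, so spoofing attempts stay invisible")
    return findings


if __name__ == "__main__":
    for label, record, check in [("weak SPF", WEAK_SPF, spf_findings),
                                 ("strong SPF", STRONG_SPF, spf_findings),
                                 ("weak DMARC", WEAK_DMARC, dmarc_findings),
                                 ("strong DMARC", STRONG_DMARC, dmarc_findings)]:
        print(f"{label}: {record}")
        for finding in check(record) or ["no issues found"]:
            print(f"  - {finding}")
```

DKIM is deliberately left out of the checker: a DKIM selector record only tells you that a public key is published, and whether the key is actually used for outbound mail is visible only in the `Authentication-Results` headers of received messages, which is where an MSSP would confirm the whole chain end to end.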
But MSSPs can’t depend on any single technology or strategy to keep their customers’ endpoints safe. Eventually a phishing attempt will get past any single layer of defense, even one as formidable as 2FA, which is why personnel and technology experts keep returning to training.
“There is no silver bullet in security so you can’t entirely protect your endpoints from phishing attacks,” said Brian Baird, director of security services, ProTech Systems Group. “If you think you can, you have a false sense of security. Passwords are going to fail – even at their most complex – and hackers can work around two-factor authentication. You must have a layered defense strategy, and you have to test and train your users so they can identify and avoid phishing emails.”