CRANE HASSOLD, SENIOR DIRECTOR OF THREAT RESEARCH AT AGARI
Based on the average number of phishing incidents and the average time to remediation (4.9 hours), the average SOC needs 54 analysts to handle the number of phishing incidents per company.
In our recent Phishing Incident Response Survey, the average number of SOC analysts was 12.5, demonstrating that there is a staffing gap of at least 41.5 full-time equivalents (FTEs). This gap currently results in most organisations failing to detect phishing incidents, which opens each organisation to the possibility of breaches or fraud.

By implementing automated phishing incident response processes that reduce the time to triage, investigate and remediate phishing incidents by 50%, organisations could save US$4.37 million in SOC costs and US$551,025 in breach risk – for a total savings of US$4.92 million.

www.intelligentciso.com | Issue 12
Phishing awareness training – is it effective?
Although developing a secure and trusted email network is the key, all businesses should have training and policies in place on how to recognise and respond to suspicious emails. In particular, there should be strict procedures around requests involving transferring funds or sharing confidential data to help identify attempts at fraud.

Nevertheless, some believe phishing awareness training can create overconfident employees. A good way of countering potential overconfidence is to focus on procedure and policy. Most attacks targeting finances or confidential data rely on the victim skirting proper procedure to wire over funds or email out confidential data. Employees should know to always follow policy, even if it appears to be their CEO telling them not to.

editor’s question
Fraudsters are constantly adapting social engineering techniques to specifically circumvent employee training and company policies, so firms should look to remove users from the equation by focusing on technology that will prevent these emails from reaching their intended targets in the first place.
Ditch the domain spoofing
Email authentication is one of the most effective methods of preventing malicious emails from reaching the inboxes of their targets. DMARC – Domain-based Message Authentication, Reporting and Conformance – is one method which has proven very successful.

DMARC gives brands control over who is allowed to send emails on their behalf. It enables email receiver systems to recognise when an email isn’t coming from a specific brand’s approved domains and gives the brand the ability to tell the email receiver systems what to do with these unauthenticated email messages.
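To make the mechanism concrete, here is an added illustration (not from the article or from Agari) of what a receiving mail system does with a brand's DMARC record: it parses the published policy, checks whether the SPF or DKIM result is aligned with the domain in the visible From: header, and otherwise applies the disposition the domain owner asked for. The record and domain names are constructed for the example, and the organisational-domain lookup is simplified to the last two labels rather than the Public Suffix List real receivers use.

```python
"""Parse a DMARC record and evaluate a message's authentication against it."""


def parse_dmarc(txt: str) -> dict:
    """Parse the tag=value pairs of a DMARC TXT record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    # Defaults from RFC 7489: relaxed alignment for both DKIM and SPF.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record: dict, from_domain: str, spf_result: str, spf_domain: str,
             dkim_result: str, dkim_domain: str) -> tuple:
    """Return (dmarc_pass, disposition). DMARC passes when SPF or DKIM passed
    AND that identifier aligns with the RFC5322.From domain; otherwise the
    domain owner's p= policy (none / quarantine / reject) is applied."""
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, record["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    return False, record["p"]


# Constructed record for the hypothetical brand domain example.com.
RECORD = parse_dmarc("v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com")

if __name__ == "__main__":
    # Spoofed From: header, SPF passes only for an unrelated sending domain -> reject.
    print(evaluate(RECORD, "example.com", "pass", "attacker-bulk.net", "none", ""))
    # Legitimate sender whose DKIM signature is d=example.com -> pass.
    print(evaluate(RECORD, "example.com", "fail", "", "pass", "example.com"))
```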