reports undergo machine analysis and SOC
teams act on the findings, man and machine
are in harmony. Everyone, and everything, is
in the right role.
A couple of success stories
Another Cofense customer stopped a phishing
attack in only 19 minutes. Again, a balance of
automation and human intelligence made the
difference. The email appeared to come from
the CEO. It asked employees of a healthcare
company to click on a link, go to another page
and read and confirm their agreement with a
corporate policy. First, though, employees had
to log in with their network credentials. The
attacker aimed to harvest passwords, gain file
system access and reroute electronic payroll
deposits. And he almost succeeded. In fact,
many employees took the bait. The email was
very convincing, using the company’s logo
and language from its website.
Fortunately, other employees remembered
their training and reported the email – within
a minute of the campaign’s launch. Eighteen
minutes later, thanks to automated analysis
followed by human vetting, the company
blocked the phishing site and pulled the
email from inboxes.
www.intelligentcio.com
One more example – a major financial
services company saw a series of reported
emails sent, allegedly, by a major credit card
provider. The email landed in hundreds of
inboxes and, as in the previous example,
used counterfeit branding to get users to
drop their guard.
The email told recipients that the credit
card company had noticed unusual ‘recent
activities’ in their accounts. It then instructed
employees to click a link to a ‘My Account’
page, where they could verify and protect their
personal information. The landing page asked
for a wealth of personal data: name, social
security number, email address and more.
In other words, a classic credential phish,
this one aiming for personal data, not
company information (though armed
with employees’ personal details, the
attacker could have connected the dots
and targeted the corporate network).
Fast-forward to the happy ending – the
security team used automation to identify
the campaign quickly, then moved swiftly
to block the phishing domain – before any
users entered data. All of this happened
in minutes. Before, it would have taken
days, according to the SOC analyst who
managed the response.
But just imagine…
Imagine if the healthcare company was
still manually analysing emails. Nineteen
minutes could have turned into 19 hours
or longer.
As it was, even in 19 minutes plenty of
users clicked. A well-crafted phish is an
investment that pays big dividends. But so
is an automated platform, fed by trained
users and managed by experienced
incident responders.
And consider if the security team at the
financial services company still slogged
through hundreds or thousands of emails
by hand. Or relied on Outlook, whose many
strengths do not include incident response.
This company too would likely have
wasted hours or days examining the wrong
messages. All the while employees, at least
some of them, would have handed criminals
the keys to their personal kingdoms.
Kamel Tamimi, Principal Security Consultant
at Cofense
No one has time to waste while phishing
emails are on the loose. So automate to save
time and let humans save the day. It’s the
best way to stop active threats before they
make trouble, including the kind of headlines
no company wants to see.