Posted on October 4, 2018.

What is Spear Phishing?

Spear phishing is a targeted email attack posing as a familiar and innocuous request. Spear phishing messages appear to come from an individual inside the recipient’s own company or from a trusted source known to them. The body of the email usually contains information that supports the request’s validity, and the request itself is logical and reads like a valid query. Most spear phishing expeditions are launched specifically for financial gain, intelligence or company trade secrets.

How Does Spear Phishing Differ from Regular Phishing Attacks?

Regular phishing attacks usually pose as a large, well-known company that the recipient is associated with or is a member of, such as an Internet, telephone, or electrical company. The email will usually state that there is some sort of problem with the user’s account and ask the user to confirm some personal information to proceed with the resolution of the error. The email may seem valid, but most people have become wise to how these attacks work, and they are not nearly as effective as they were in the beginning. Most corporate users who utilize email every day have become savvy about giving out personal information and clicking on links contained in emails. Spear phishing is more targeted and more believable, and its malicious intent is usually harder to discern because the messages appear to come from a known, trusted source.

Spear Phishing Statistics

Due to the prevalence, effectiveness and clever design of many spear phishing campaigns, it is estimated that 95% of enterprise network hacks involved spear phishing, with over 40% of people unable to identify a phishing attempt. Somewhere around 30% of all phishing emails in the U.S. are opened because they appear to be real and contain valid requests from individuals that the recipient presumes they can trust. It’s usually a request made by a manager or someone in a higher position in the company, compelling the recipient to reply because they feel it is their job to do so.

Spear Phishing Examples

One spear phishing attack example is an email from a close family member or work colleague seeming to ask an important question or convey important information. Since this person is familiar, you don’t hesitate to open the email. Upon opening the email, you notice that it contains links to websites that the sender thinks you might be interested in visiting. Then you click on them without thinking since this is a person you trust. Upon further inspection, you might notice that the email didn’t actually come from the trusted individual and their email address isn’t what it should be. The sender’s name has just been spoofed.

Another example could be that you receive an email from your boss asking for the quarterly sales figures. This seems like a logical request, so you comply because you’re already busy and you want to accomplish the task that has been assigned to you. Then you notice that the return address in the address bar doesn’t actually belong to your company’s domain name and you were about to reveal private, sensitive information to someone outside your company.
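The two tell-tale signs in these examples (a familiar name on an unfamiliar address, and a reply address outside the company's domain) can be checked mechanically from the message headers. The following is an added example, not part of the original post; the company domain `example.com`, the staff directory and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the recipient's own domain
# Assumption: display names of known colleagues mapped to their real address.
DIRECTORY = {"dana reyes": "dana.reyes@example.com"}

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Return findings for the header mismatches described in the examples."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    _, rpath = parseaddr(msg.get("Return-Path", ""))
    findings = []
    # Example 1: a trusted person's name attached to a different address.
    known = DIRECTORY.get(" ".join(name.lower().split()))
    if known and addr.lower() != known:
        findings.append("display-name-spoof")
    # Example 2: mail claims the company domain but replies leave it.
    if _domain(addr) == COMPANY_DOMAIN:
        for label, other in (("reply-to", reply), ("return-path", rpath)):
            if other and _domain(other) != COMPANY_DOMAIN:
                findings.append(label + "-outside-company")
    return findings

# Constructed sample messages (not real mail).
SPOOFED_NAME = (
    "From: Dana Reyes <dana.reyes@mail-example.test>\n"
    "Subject: Links you might like\n\nTake a look at these.\n"
)
REPLY_REDIRECT = (
    "From: Dana Reyes <dana.reyes@example.com>\n"
    "Reply-To: Dana Reyes <dana.reyes@example-corp.test>\n"
    "Subject: Quarterly sales figures\n\nPlease send them today.\n"
)
LEGITIMATE = (
    "From: Dana Reyes <dana.reyes@example.com>\n"
    "Subject: Lunch\n\nNoon?\n"
)

if __name__ == "__main__":
    for sample in (SPOOFED_NAME, REPLY_REDIRECT, LEGITIMATE):
        print(check_headers(sample))
```

Header checks like this only catch the mismatches described above; a forged From address on the company's own domain is a matter for SPF, DKIM and DMARC enforcement.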

Can Spear Phishing Attacks be Prevented?

The answer is no, but there are ways to help reduce their occurrence and efficacy. One way is through the use of artificial intelligence and machine learning. Spear phishing takes advantage of a lack of awareness on the user’s part. The best defense is a product that utilizes artificial intelligence and machine learning to proactively prevent spear phishing attacks by examining every email for suspicious links or URLs.

Micro-segmentation can also be utilized. This is a way to define fine-grained security at the workload level. Security policies can be synchronized across virtual networks, machines, operating systems or other virtual security targets.

Automated real-time monitoring can also be used to keep a growing list of known threats from gaining access to your network. Through constant updates and scanning of email traffic, organizations can thwart most common attacks. A well-known university stated that their network monitoring software rebuffed upwards of 25,000 phishing attacks to their network per day.

How Can Sanity Solutions Help?

There are a number of ways Sanity Solutions can help prevent and mitigate phishing and spear phishing attacks.

  1. Incident Response
    This involves designing a plan for how to proceed after a spear phishing incident has been reported. As soon as the attack is verified, the playbook for neutralizing it goes into effect. The kill chain is traversed, and the threat is eradicated.
  2. Security Assessments
    Sanity Solutions offers several assessments covering various areas of security concerns. These assessments can be invaluable tools in discovering vulnerabilities, understanding current threat sources and designing corrective solutions. Sanity Solutions also provides many free educational events in conjunction with our security vendors, and together we offer Proof-of-Value or Proof-of-Concept free trials. These events are extremely valuable because we install an appliance onsite and run it for a 30-day period. Normally, several anomalies occur where the appliance found and/or prevented a particular attack or identified a vulnerability that can be proactively addressed before an attack occurs.
  3. Employee Training
    Many employee training initiatives are ineffective and need to be prioritized as a key company strategic imperative. Employees can become an effective first line of defense in preventing and mitigating attacks. Going over the latest phishing strategies can help employees to recognize and report attempts. It’s also important to establish a reporting process and plan of action for employees who think they may have been “speared.” Keeping all members of the organization aware of the latest attack tactics can be the difference between success and failure for a spear phisher.
  4. Table Top Exercises
    Sanity Solutions has relationships with industry-leading security vendors who can also provide table-top exercises. They provide a forum where emergency plans and scenarios can be discussed. The plan of attack for emergency situations can be thought out in a low-stress environment so that personnel will be better equipped to handle them if, or when, they occur in the real world.
  5. Consultative Expertise
    Sanity Solutions engineers hold several security certifications, including CISSP (Certified Information Systems Security Professional), which is granted by the independent International Information System Security Certification Consortium, (ISC)². Requirements include a minimum of five years of direct full-time security work experience in two or more of the following security domains:

    • Security and Risk Management
    • Asset Security
    • Security Architecture and Engineering
    • Communication and Network Security
    • Identity and Access Management (IAM)
    • Security Assessment and Testing
    • Security Operations
    • Software Development Security

Through the knowledge gained by obtaining these certifications, Sanity engineers are uniquely positioned to assist in architecting effective security solutions to keep spear phishing and other threats at bay.

Sanity Solutions can build a customized solution to help minimize the risks associated with spear phishing attacks and quickly contain one if it does occur. We offer a variety of services such as security and risk assessments, as well as data protection, backup, and recovery products. Contact us today to find out how we can keep your critical systems healthy and your important data safe.