As 95% of all attacks on enterprise networks are the result of successful spear phishing, security experts are urging enterprises to step up their efforts to protect against spear-phishing attacks. In this article we will explore 21 ways to protect against spear phishing.

 

Spear phishing is a targeted version of phishing where a malicious actor seeks to obtain unauthorized access to sensitive information through more stealthy means than traditional all-encompassing email spam. For example, hackers could spoof emails from a CEO or another leader within an organization and send those emails to employees who likely trust that individual enough to open any attached files or click on links in the message.

To protect against such attacks, security experts recommend that organizations take the following measures:

1. Train employees to detect spear phishing attempts

2. Deploy a next-generation firewall or other system that can monitor and block malicious traffic, including by flagging emails from unknown senders

3. Deploy data loss prevention technology to monitor what sensitive data is being shared externally via email and which employees are sending it

4. Keep an eye on suspicious behavior and enforce security policies that forbid certain types of files from being downloaded

5. Deploy an email spam filter to block spear phishing attempts before they reach employees' inboxes

6. Review and tighten password policies for employees

7. Use staff activity monitoring software to monitor the Internet usage of company-issued devices to flag suspicious behaviour such as sending or receiving sensitive information via email.

8. Provide employees with additional security training to help spot potential spear phishing attacks

9. Ensure that your organization is using the latest versions of its software, as older versions are more vulnerable to attack

10. Patch operating systems and common software programs such as Adobe Reader and Flash.

11. Use whitelisting tools on your network to help prohibit the execution of known bad files and to keep unknown and potentially malicious code from executing or installing without IT's prior consent.

12. Develop a comprehensive security awareness training program for employees, so they understand how social engineering attacks work, learn how to spot them and receive guidance on what to do if they suspect a phishing attempt.

13. Configure email servers to block or quarantine suspicious emails prior to delivering them to employees' inboxes

14. Implement multi-factor authentication for the most sensitive systems and applications

15. Ensure that all remote access connections use secure protocols such as virtual private networks, Secure Shell, and encrypted virtual local area networks.

16. Leverage multi-factor authentication from a trusted identity provider.

17. Ensure that you have a comprehensive incident response plan in place, so your organization is prepared to respond quickly if an attacker successfully compromises your systems or applications

18. Monitor DNS traffic for suspicious hostnames created as part of the spear phishing attempt

19. Ensure that your endpoint protection software is up to date, so it can monitor for suspicious hostname creation and stop any malware from being downloaded onto devices

20. If you have a data loss prevention solution deployed, ensure that you are monitoring email traffic for sensitive information being sent externally by employees through email.

21. Monitor endpoint protection logs for indications that malware is attempting to download onto devices and take action such as updating definitions or blocking certain IP addresses or domains.
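Items 2 and 13 call for flagging or quarantining suspicious email before delivery, and the spoofed-CEO message described at the top of this article is the typical case. The Python example below is added here for illustration and is not from the original article or any vendor's product; the organization domain, executive name, function name and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumed: the organization's own mail domain
EXECUTIVES = {"jane doe"}    # assumed: display names likely to be impersonated

def triage(raw_message: str) -> list[str]:
    """Return the reasons to quarantine a message (empty list means deliver)."""
    msg = message_from_string(raw_message)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # A trusted leader's display name on an address outside the organization.
    if display.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        reasons.append("executive display name from external domain")

    # Replies routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        reasons.append("Reply-To domain differs from From domain")

    # SPF/DKIM/DMARC verdicts stamped by the receiving server (RFC 8601).
    # Only trust this header when your own mail gateway added it.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|permerror)\b", auth, re.I):
            reasons.append(f"{mech} check failed")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Doe <jane.doe@examp1e-mail.test>\n"
    "Reply-To: jane.doe@payments.test\n"
    "To: ap@example.com\n"
    "Authentication-Results: mx.example.com; spf=pass; dmarc=fail\n"
    "Subject: Urgent wire transfer\n\nPlease process today.\n"
)
LEGIT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: ap@example.com\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Q3 budget\n\nDraft attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, triage(raw) or "deliver")
```

A check like this complements, rather than replaces, the spam filter and mail-server policies listed above: it catches messages that pass generic spam scoring but impersonate a specific person.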

Spear phishing techniques have evolved to become extremely stealthy and difficult to detect, and a company’s only real hope for avoiding the devastation that can result from a successful spear phishing attempt is a fully managed, state-of-the-art cloud email security solution. Guardian Digital is an email security company making email safe for business.

Guardian Digital has an email security assessment tool that provides on-demand vulnerability assessment.