Phishing attacks are familiar to IT professionals, at a minimum from running triage after a user falls victim and unleashes the flavor-of-the-month malware on your network, if not from lacking the acuity to avoid falling victim yourself. However, cybercriminals continue to develop more sophisticated and difficult-to-detect attacks. The days of “please help this beleaguered Nigerian prince gain access to his own money to enter into a contest to win $1 million from Bill Gates” are quickly coming to an end.

That said, IT professionals are excessively confident in their current email protections, with more than 80% of respondents in the 2018 EdgeWave Email Security Confidence Survey indicating they were “‘confident’ or ‘very confident’ that traditional email gateways will protect their organizations from targeted email attacks.” Despite that high confidence, 42% also reported their organization was the victim of a phishing attack.

One place where survey respondents indicated an appropriate lack of confidence is in the abilities of end users to spot and report phishing attempts, with over half of respondents saying they are “not very confident” or “not confident at all” in those abilities.

To counteract the threats posed by phishing attacks, EdgeWave recommends a three-part strategy for increasing the security of user inboxes:

1. Provide pre-delivery protection

Stopping malicious emails before they reach user inboxes is effective for preventing wide-ranging, indiscriminate attacks, though this method is ineffective against targeted attacks aimed at a specific user. However, overzealous filters that block the delivery of legitimate business email can be disruptive.

2. Post-delivery detection

Emails flagged by users as potentially malicious should be reviewed manually and by machine learning filters, which aids in understanding how attacks evolve.

3. Incident response

Programmatically removing malicious emails from user inboxes after delivery can mitigate the extent of damage to your organization. EdgeWave points to a 2018 Ponemon Institute study that found “the current dwell time has actually increased to 197 days from 191 last year. The mean time to contain the threat is longer as well, rising to 69 days from 66.”

The big takeaways for tech leaders:

  • More than 80% of respondents indicated they were “‘confident’ or ‘very confident’ that traditional email gateways will protect their organizations from targeted email attacks.” –EdgeWave, 2018
  • EdgeWave recommends pre-delivery protection, post-delivery detection, and a robust incident response strategy.