Spear phishing is an email targeted at a specific individual or department within an organization that appears to come from a trusted source. In reality it is sent by cybercriminals attempting to steal confidential information.
According to research from security software firm Trend Micro, 91% of cyberattacks and the resulting data breaches begin with a spear phishing email. That figure underlines that end users really are the weak link in IT security.
Preventing Successful Spear Phishing Attacks
Now, how do you mitigate attacks like this? First of all, you need all your defence-in-depth layers in place: defending against spear phishing is a multi-layer approach. Make sure you have at least the following:
- an email gateway spam filter and/or the spam filter in your Exchange server
- the Outlook 'Junk Email' filter turned on
- different antivirus products on the workstations and on the mail server
- an active Intrusion Prevention System
- web proxy servers
- ideally, egress filtering with deep-packet inspection
More layers can be added on top of these. The trick is to make it as hard as possible for the attacker to get through.
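As an added example (not code from the original page or from KnowBe4), the Python script below shows the kind of header checks a mail gateway or spam-filter layer applies to a message that merely appears to come from a trusted sender: a known person's name on an outside mailbox, a look-alike sender domain, a Reply-To that diverts replies elsewhere, and SPF/DKIM/DMARC failures recorded by the receiving MTA. The protected domain example-corp.com, the VIP directory and the three sample messages are all constructed for illustration.

```python
"""Header checks of the kind a mail gateway layer applies to catch a
spear phishing message that only looks like it comes from a trusted
sender.  Added example, not code from KnowBe4 or the original page; the
protected domain, the VIP directory and the sample messages are all
constructed for illustration."""
import difflib
import email
import re
from email.utils import getaddresses, parseaddr

ORG_DOMAIN = "example-corp.com"          # assumed protected domain

# Assumed directory of people attackers like to impersonate: name -> mailbox
VIPS = {
    "alice chen": "alice.chen@example-corp.com",
    "bob martin": "bob.martin@example-corp.com",
}

# Digits and letter pairs commonly swapped in to build look-alike domains
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalise_domain(domain):
    """Fold common look-alike tricks so examp1e-corp.com compares equal to example-corp.com."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def is_lookalike(domain, target=ORG_DOMAIN):
    """True when domain imitates target without being it (homoglyphs or a one-character typo)."""
    domain = domain.lower()
    if domain == target:
        return False
    if normalise_domain(domain) == target:
        return True
    return difflib.SequenceMatcher(None, domain, target).ratio() >= 0.9


def analyse(raw_message):
    """Return a list of (severity, reason) findings for one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # 1. A VIP's display name on a mailbox that is not theirs
    key = re.sub(r"\s+", " ", display).strip().lower()
    if key in VIPS and addr.lower() != VIPS[key]:
        findings.append(("high", f"display name '{display}' impersonates {VIPS[key]}, actual sender {addr}"))

    # 2. Sender domain imitates the protected domain
    if from_domain and is_lookalike(from_domain):
        findings.append(("high", f"look-alike sender domain {from_domain}"))

    # 3. Replies silently diverted to a different domain than the visible sender
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        reply_domain = reply.rpartition("@")[2].lower()
        if reply_domain and reply_domain != from_domain:
            findings.append(("medium", f"Reply-To {reply} differs from sender domain {from_domain}"))

    # 4. SPF/DKIM/DMARC failure recorded by the receiving MTA
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail)\b", auth):
            findings.append(("medium", f"{mech} check failed at the gateway"))
    return findings


# Constructed sample messages (not real traffic)
SAMPLES = {
    "ceo_fraud": "\n".join([
        "From: Alice Chen <alice.chen@gmail.com>",
        "Reply-To: ceo-urgent@protonmail.com",
        "To: bob.martin@example-corp.com",
        "Subject: Urgent wire transfer",
        "Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass",
        "",
        "Bob, please send the payment today and reply here.",
    ]),
    "typosquat": "\n".join([
        "From: IT Helpdesk <helpdesk@examp1e-corp.com>",
        "To: alice.chen@example-corp.com",
        "Subject: Password expiry notice",
        "Authentication-Results: mx.example-corp.com; spf=softfail smtp.mailfrom=examp1e-corp.com; dkim=fail",
        "",
        "Your password expires today, log in at the link below.",
    ]),
    "legitimate": "\n".join([
        "From: Alice Chen <alice.chen@example-corp.com>",
        "To: bob.martin@example-corp.com",
        "Subject: Lunch",
        "Authentication-Results: mx.example-corp.com; spf=pass; dkim=pass; dmarc=pass",
        "",
        "Noon?",
    ]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, analyse(raw) or "clean")
```

None of these checks is proof on its own: a legitimate colleague writing from a personal mailbox trips the display-name rule too. In a real gateway they are scored and combined, and the high-severity hits are what you quarantine or tag for the user.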
And now let’s look at some other tactics that will help prevent a successful spear phishing attack:
- Do not publish a list of all employees' email addresses on your website; use a web contact form instead.
- Regularly scan the Internet for exposed email addresses and/or credentials belonging to your organization; you would not be the first to find one of your end users' user names and passwords posted on a crime or porn site.
- Educate your users about the dangers of posting personal information on social media sites, since that is the material a convincing targeted email is built from.
- Last but not least, once the steps above are in place, send simulated spear phishing attacks to all your end users, or use a fully automated service to run them for you. Security awareness training combined with simulated phishing tests before and after the training keeps security top of mind for end users. Since 91% of successful attacks use spear phishing to get in, this gives by far the highest ROI for your security budget, with visible proof that the training works.
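To make the first two tactics concrete, here is an added Python example (not KnowBe4's tooling or code from the original page) that harvests addresses from a web page the way an attacker's crawler does, including mailto: links, HTML-entity encoding and 'at'/'dot' obfuscation, and then checks a credential dump for accounts on your domain. The domain example-corp.com, the team-page HTML and the dump lines are constructed; running the same harvest against your real site shows what an attacker already knows about you.

```python
"""Exposure scan for a protected domain: harvest email addresses from your
own web pages the way an attacker's crawler does (plain text, mailto:
links, HTML-entity encoded and 'at'/'dot' obfuscated forms), then check a
leaked-credential dump for accounts on that domain.  Added example, not
KnowBe4's tooling or code from the original page; the domain, the HTML
snippet and the dump lines are constructed for illustration."""
import html
import re

ORG_DOMAIN = "example-corp.com"   # assumed protected domain

PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# user [at] host [dot] tld, with optional brackets and spaces around the words
_AT = r"\s*[\[\(\{]?\s*\bat\b\s*[\]\)\}]?\s*"
_DOT = r"\s*[\[\(\{]?\s*\bdot\b\s*[\]\)\}]?\s*"
OBFUSCATED = re.compile(
    r"([A-Za-z0-9._%+-]+)" + _AT + r"([A-Za-z0-9-]+(?:" + _DOT + r"[A-Za-z0-9-]+)+)",
    re.IGNORECASE,
)


def harvest_addresses(page_html):
    """Set of addresses a harvester could pull from one page, lower-cased."""
    text = html.unescape(page_html)               # &#64; -> @, &#46; -> . and so on
    found = {a.lower() for a in PLAIN.findall(text)}
    for user, host in OBFUSCATED.findall(text):
        host = re.sub(_DOT, ".", host, flags=re.IGNORECASE)
        found.add(f"{user}@{host}".lower())
    return found


def org_addresses(addresses, domain=ORG_DOMAIN):
    """Only the addresses that belong to the protected domain."""
    return {a for a in addresses if a.endswith("@" + domain.lower())}


def find_leaked_accounts(dump_lines, domain=ORG_DOMAIN):
    """Org mailboxes present in an 'email:password' or 'email;password' dump.
    Only the mailbox is returned; the secret itself is never surfaced."""
    hits = set()
    for line in dump_lines:
        parts = re.split(r"[:;]", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue
        addr = parts[0].strip().lower()
        if PLAIN.fullmatch(addr) and addr.endswith("@" + domain.lower()):
            hits.add(addr)
    return hits


def priority_targets(page_html, dump_lines, domain=ORG_DOMAIN):
    """Mailboxes both published on the site and present in a dump: the
    accounts a spear phisher would go after first."""
    return sorted(org_addresses(harvest_addresses(page_html), domain)
                  & find_leaked_accounts(dump_lines, domain))


# Constructed 'team' page, the kind of listing a harvester crawls
SAMPLE_PAGE = """
<h2>Our team</h2>
<ul>
  <li>Alice Chen, CEO: <a href="mailto:alice.chen@example-corp.com?subject=Hello">email</a></li>
  <li>Bob Martin, CFO: bob.martin&#64;example-corp.com</li>
  <li>Press enquiries: press [at] example-corp [dot] com</li>
  <li>Jobs: careers at example-corp dot com</li>
</ul>
<p>Hosting partner: noc@partner-example.net</p>
"""

# Constructed dump lines, never real credentials
SAMPLE_DUMP = [
    "bob.martin@example-corp.com:Summer2019!",
    "someone@otherdomain.org:hunter2",
    "Careers@Example-Corp.com;Welcome1",
    "not a credential line",
]

if __name__ == "__main__":
    print("harvested:", sorted(harvest_addresses(SAMPLE_PAGE)))
    print("in dump:  ", sorted(find_leaked_accounts(SAMPLE_DUMP)))
    print("priority: ", priority_targets(SAMPLE_PAGE, SAMPLE_DUMP))
```

Obfuscating addresses with brackets or 'at'/'dot' buys nothing against a harvester that strips them, which is why the advice is a web form rather than a disguised listing. Accounts that show up in both sets are the ones to reset and to brief first.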
Source of Information
Information taken from the KnowBe4 website, see the page "Spear Phishing".