Spear Phishing is a huge problem for IT organizations and for general management.
Spear phishing differs significantly from standard mass phishing emails (most of which are filtered out by the same techniques used to block spam). Rather than just sending tens of thousands of generic emails in the hope that one or two will get through, a spear phishing email targets a specific employee at your company. A good spear phishing email includes customized attack messages providing a believable context for the victim to engage. Further, most spear phishing emails appear to come from a trusted source such as a customer, a partner, or the CEO. All this combines to make victims much more likely to engage with a spear phishing email than a standard phishing or spam email.
A spear phishing email will appear to come from a trusted source and provide a believable context making the victim is more likely to engage.
A successful spear phishing attack can have a devastating impact on your organization: lost intellectual property, stolen money, breached customer records… and you might not even know it. The average time from breach to discovery can be frighteningly long for email-borne attacks because, except in cases of outright monetary theft (such as BEC), the victim is often not even aware that they have been fooled.
The fact is standard email security systems will not reliably stop spear phishing attacks.
According to a 2016 Vanson Bourne study of IT decision makers, 84% of organizations said a spear-phishing attack successfully penetrated their organization in 2015. However, 71% also indicated that they already have some form of email security technology in place.
The problem is that the architecture of the vast majority of email security systems was essentially built to fight spam. The basic techniques for standard email security include signature-based protection that black-lists all known bad actors, spammy email content, and known malware attachments and phishing URLs. The structure and processes of these systems have been highly successful in fighting the prevalence of mass spam emails-- which threatened to make email unusable as recently as six or seven years ago.
This spam-derived email security actually works OK for most mass-emailed phishing attempts as the systems are able to block new variants of phishing attacks after the first few tens of thousands of emails are sent and the initial reports come filtering back. (Of course, this is of little comfort if one of your employees was the lucky recipient of one of the initial exploits…)
However, signature-based email security is completely ineffective against the sophisticated one-off targeted spear phishing attacks which are the primary threat today to your network security.
Consider these facts:
So it’s not surprising that that the CyberSecurity market is projected to grow to $200 billion dollars by 2021. What it is surprising is how most companies are tackling the problem. Rather than stopping malware and data breaches by directly addressing the most overwhelmingly common vector (email), they are spending the vast majority of their IT security resources on ever more elaborate schemes trying to deal with the problem after the bad guys have already breached the perimeter.
You need to lock down your email systems with state-of-the-art email security and protection against ransomware, malware, phishing, and spear phishing.
93% of data breaches start with a single email.
Vade has a range of email security processes to ensure that spear phishing emails won’t make it to your employee’s inboxes. If your employees don’t have the opportunity to click on malicious links, open dodgy attachments, or respond by email or phone to phishers…. you can have confidence that your network and information is protected.
The Vade Advanced Email Security Suite includes:
Ready to protect your organization from spear phishing attacks? Start your free 15-day trial.