Blog

Organizations at Infosec Europe Deal With Phishing Emails Again

Written by Eyal Benishti | Jul 03, 2018

We were exhibiting this year at Infosecurity Europe and, over the three days, we polled visitors to get a sense of how they were handling email security. From the 300 people we spoke with, 54% said they continue to be plagued by phishing emails and, as endorsement that we’re on the right track, 85% agreed that employees need better inbox tools to detect sophisticated messages.

We also asked how prepared their organization was to deal with email phishing on a scale of one to ten - with ten being very effective, and just ten percent awarded themselves the top mark with 43% giving themselves seven or lower.

If You Don’t Realize You’ve Got a Problem, Then You’ve Got A BIG Problem

As the respondents worked through the questions, it quickly became apparent that there was a disconnect between what people perceive or are willing to admit their position to be and the reality. In fact, few had an adequate reporting mechanism to determine just how many messages were being received and those left unreported, with even fewer having email forensic capabilities. By their own admission many could not be confident that they were holistically protected against phishing emails.

When they were asked how the security team are alerted that a rogue message had been received few had an automated process with just 24% confirming they have a ‘report’ button within their email client. Worrying, 41% confirmed that they do not automate this process at all, instead relying on an email address for users to forward messages received.

If You Change Nothing, Nothing Changes

Phishing messages continue to evade current email security solutions, the failure is evident as, every day, these solutions allow malicious emails to slip past to land in mailboxes.

Having an email address for rogue messages to be sent to is akin to catching fish with your bare hands – you might get one or two but you’ll be exhausted from the effort. The process is reliant on a member of the SOC or IT team physically monitoring reported messages, spotting the threat and taking appropriate action.

On average it takes just 82 seconds between a phishing email passing through the gateway and the first user interacting with the rogue message, so speed is essential. Our 2017 trend report showed that, when implementing our technology, the majority of threats can be remediated within 60 seconds.

Depending on size of organization, manually triaging reported emails could be a mammoth task with no way for the security team to correlate patterns, group messages together nor remediate the threat across the enterprise should a particularly nasty attack be identified to stop other less observant users clicking on the message and unleashing its payload.

Organizations know that phishing messages, Business Email Compromise attacks, and other nasties are arriving into users mailbox with increasing regularity yet many haven’t changed the way they address the email threat. Sticking with what you know doesn’t work is foolhardy.

If you want to find out how to stop these messages being detonated within your organization perhaps its time to look somewhere else for the answer – we’d argue its away from the gateway to interrogating the mailbox.

To learn why industry analyst Ovum calls the IRONSCALES’ phishing prevention, detection and response platform one to watch, download the Ovum Report