When Will the Phishing Problem Be Fixed?

Posted by Malcovery Security on Tue, Sep 9, '14

Phishing ProblemCorporate security professionals are often pressed by their CIO or other executive leaders on when the “phishing problem” will be “handled.” 

Several studies demonstrate that phishing continues to grow and persist. Given both the scale and the awareness of the problem, security professionals will be asked by their executive leaders how much time, budget and planning is needed in order to reach a resolution. In other words, “Give me a budget and a deadline to get this thing fixed.”

Of course, we know that phishing is a complicated problem and questions like this are very broad. In this blog post, we’ll give you some suggestions on how to approach the problem, focusing on email-based threats that lead to malware delivery or traditional phishing websites. These types of threats can be mitigated and there are short, medium and long-term solutions.

Short-term: Disrupt the Phisher’s Ecosystem

There are some immediate steps that we can do to disrupt the phisher’s ecosystem, such as taking down a drop email address that’s receiving stolen credentials.  Another quick solution is to take advantage of phishing intelligence, which highlights the largest spam campaigns of the moment (we offer this in our daily Today’s Top Threats report).

Medium-term: Prioritize Response Efforts

Take a look at the most frequently-seen phishing attacks against your brand. Which are the largest, most egregious attackers or actors? Identify these parties and focus response on these attackers. This can yield both immediate and long-term benefits by eliminating repeat offenders and maximizing take-down budgets. 

Long-term: Make a Commitment to Stop Cybercrime

As with many other things in life, the solutions that deliver the best results require the most commitment. Strategies such as DMARC and user education deliver results, but they take time.

Furthermore, organizations that really want to create a deterrent and force criminals away from their brand can greatly benefit from establishing relationships with law enforcement to investigate and prosecute the most prolific attackers. Gary always says that his favorite counter measure is handcuffs. Joking aside, the best way to drive criminal activity away from your brand is to step up and be willing to take the case all the way to prosecution.

Threat intelligence is very useful for that. While there is some discomfort within the industry in bringing these things to light (nobody wants to be the one person who has to admit they've got a cybercrime problem), this is something that is an issue for all companies. In fact, many of the largest criminals are attacking as many as 30 different financial institutions at one time, which we have evidence of in our logs.

If you can join a coalition of victims to go after the biggest criminal organizations, you can use technology like cross-brand intelligence to help support your efforts. When brands work together to take down a common attacker, no one has to take the heat.

How do you address phishing in the short, medium and long-term in your organization? Share your experience in the comments section below.

Webinar: Don't  Miss it! Cybersecurity 2014: Semi-Annual Review View Recording

Topics: Phishing

View Webinar Now