Cybercriminals are going phishing again in 2018, but that’s not to say they’re taking time off.
According to a report by PhishMe, the number of global phishing attacks rose sixty-five percent last year. With more than 150 million phishing emails sent globally every day, it’s not surprising that phishing is the leading cause of data breaches.
Unfortunately, phishing attacks are not only becoming harder to avoid, but also harder to detect. Cybercriminals are often able to spoof IDs to appear as though emails are coming from a trusted source (e.g., a colleague on your contact list), only to load malware onto your device moments after you click on a link or download a seemingly legitimate attachment. If even one percent of phishing emails are successful—and studies suggest that number is much higher—enterprise networks must remain in a constant state of heightened security.
What enterprises need is a unified front against phishing-based attacks. What they have, in most cases, is a piecemeal security system composed of different components, including firewalls and anti-malware software from multiple vendors. The risk of this approach is that multivendor solutions are rarely seamless and, in a world where employees are accessing business data and applications from multiple networks (Ethernet, Wi-Fi, cloud) and multiple devices (smartphone, laptop, personal device), more seams than ever are exposed.
One way to manage this problem is to implement a holistic identity and access management (IAM) solution to share security information and enforce policies consistently across different networks and devices. Aruba ClearPass is a clear leader in this regard. But IAM solutions are designed to prevent cybercriminals from doing bad things to your network. What happens when it’s a good employee doing a “dumb” thing, such as accidentally clicking on a link in a phishing email?
Most enterprises have some type of Security Information and Event Management (SIEM) tool in place to alert them when something bad or suspicious is happening in their network—e.g., a malware program executing a command and control (C&C) request to an external server in North Korea. But SIEM tools rely on human interpretation and action to block or mitigate cyberattacks. In the case of a ransomware attack, organizations may have minutes (or less) to decide and take action before widespread file encryption occurs. Increasingly, security experts are moving toward User and Entity Behavioral Analytics (UEBA) to identify and automate cyberattack responses.
A UEBA system works by understanding what normal behavior looks like for a particular user and acting on abnormal behavior. Let’s use the example of that C&C request to North Korea. The malware may have arrived from a trusted user on a trusted device from a trusted network; no flags there. But once the malware initiates a C&C request to North Korea, the UEBA system immediately flags the activity, stops the communication and quarantines the user and device. As a result, no file encryption takes place and the infected device and user are prevented from re-infecting the system.
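The baseline-then-act idea described above can be sketched in a few lines of Python. This is an added illustration, not the logic of Aruba IntroSpect or any other product; the flow records, function names, scoring rule and the 0.9 threshold are all assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample flow records (not real telemetry): (user, device, dest_country).
BASELINE = [
    ("alice", "laptop-17", "US"), ("alice", "laptop-17", "US"),
    ("alice", "laptop-17", "CA"), ("bob", "laptop-22", "US"),
    ("bob", "laptop-22", "DE"), ("bob", "laptop-22", "DE"),
    ("carol", "phone-03", "US"), ("carol", "phone-03", "DE"),
]

def build_baseline(flows):
    """Learn per-user destination counts and which users reach each destination."""
    per_user = defaultdict(Counter)
    users_by_dest = defaultdict(set)
    for user, _device, dest in flows:
        per_user[user][dest] += 1
        users_by_dest[dest].add(user)
    return per_user, users_by_dest

def score(event, per_user, users_by_dest):
    """0.0 = matches the user's history; 1.0 = unseen for the user and all peers."""
    user, _device, dest = event
    if per_user.get(user, Counter())[dest] > 0:
        return 0.0
    peers = len(per_user) or 1
    peer_share = len(users_by_dest.get(dest, ())) / peers
    return round(1.0 - peer_share, 2)  # rarer among peers = more anomalous

def respond(event, per_user, users_by_dest, threshold=0.9):
    """Map the score to an automated action (threshold is an assumed value)."""
    s = score(event, per_user, users_by_dest)
    if s >= threshold:
        return "quarantine"  # stop the communication, isolate user and device
    return "alert" if s > 0 else "allow"

if __name__ == "__main__":
    per_user, users_by_dest = build_baseline(BASELINE)
    # Trusted user on a trusted device: only the destination differs.
    for dest in ("US", "DE", "KP"):
        event = ("alice", "laptop-17", dest)
        print(dest, score(event, per_user, users_by_dest),
              respond(event, per_user, users_by_dest))
```

The user and device are identical in all three events; only the destination's distance from the learned baseline changes the outcome, which is the point the paragraph makes about trusted sources raising no flags.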
That’s not to say that UEBA is a silver bullet. Organizations should have a holistic security strategy that provides security layers around data, identity, network, platform and governance. UEBA solutions such as Aruba’s IntroSpect may provide part of that solution, while other technology (e.g., Aruba ClearPass) can address the identity and network layers, etc., creating a best-of-breed security system that works together seamlessly to share security information and simplify security management.
Our role at Rolta AdvizeX is to help organizations create that holistic solution, beginning with a thorough assessment of your security strengths and weaknesses. During that assessment, we examine what kind of data needs to be protected, from whom and how best to protect it in a world where danger can lurk behind every device and every network. Combining the network intelligence of Aruba technology with the security intelligence of our consulting practice ensures that you get a customized, complete solution that protects your data and applications against ever-increasing cyberthreats.
To learn more about how Rolta AdvizeX and Aruba technology can improve your security posture, be sure to watch my webinar Understanding the Role of Network Visibility in Enterprise Security.