[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]
In the final installment in our series of blogs on the Fundamentals of Phishing we will explore how to prevent phishing attacks.
To truly prevent email phishing attacks we need to consider the ‘Phishing Kill Chain’. This uses the principles of the popular Cyber Kill Chain methodology, a military-theoretical approach to network asset defense that can be quite valuable, especially when you expand the definition of “assets” to include your customers. If you’re not familiar with the concept, CSO Online has an article on it that’s appropriate for any level of pre-existing knowledge.
The Phishing Kill Chain in Context
|Military Kill Chain||Cyber Kill Chain||Phishing Kill Chain|
|Assess||Command & Control||Extraction|
So what does the Phishing Kill Chain look like? Cyber criminals need to achieve seven steps in order to conduct a successful phishing attack on email:
According to numbers published by the Canadian Government the success rates are alarming:
These numbers reflect the poor controls against phishing compared to, say, generic spam.
The key point to note is that many security solutions aim to stop criminals later in the chain, such as at the Click, Surrender and Extract stages. But the earlier in the kill chain that controls can be inserted, the better the chance that organizations have of preventing their customers from being phished.
To that end, DMARC and Agari deliver a solution that can cut the chain at Delivery, where a proactive DMARC reject policy can prevent the message from even having a chance of landing in the inbox.
Even beyond initial rejection, Agari uses DMARC forensic data to extract threat details and provide them to takedown vendors, who validate and classify the threat. This intelligence is then passed onto Google and Microsoft for inclusion in their anti-phishing lists so that browsers block the threats. This makes the controls at step 4 in the kill chain, the Click, far more effective in preventing emerging threats.
If your organization is serious about preventing phishing and defending your customers as well as your brand reputation, you need to be deploying systems that help you move up the kill chain. Only then can you ensure your organization is safe from falling victim to the growing pain of phishing attacks.