Over the past year, we’ve witnessed several acquisitions by the big security vendors, multiple funding rounds and the beginning of cyber accelerators; the cybersecurity market is undoubtedly buoyant. The challenge of this, however, is ensuring that firms stay true to their specialism while becoming a fully-fledged part of the wider security ecosystem implementing a good incident response.  

Chief Information Security Officers have made it clear. Their technology investments need to both work with and enhance their other purchases. Despite this reasoning, no vendor should or can work alone when it comes to cybersecurity. Rather, it takes a collaboration of intelligence and open technology to ensure the very best protection is put in place.  For us at Cofense, while our heritage is in mitigating phishing attacks, it is absolutely vital that this is fully integrated into the wider security infrastructure; indeed, finding a live phishing campaign is amazing, but what do you do next to reduce its impact? This is where we must consider where our solution fits into the wider security infrastructure and how best to work an incident response method to provide the best security protection.

 

A case in point: cloud security, meets phishing, meets incident response

We recognise the increased use of cloud computing and so wanted to take a unique look at cloud security and its connection to phishing tactics. From this, our initiative was to discover how broad and interconnected a phishing defence strategy should and could be.

Cloud services have become the key to productivity across businesses in every industry worldwide.  They don’t require a lengthy procurement process and the low cost for short-term use can often mean that business users download and deploy cloud applications without involving IT. Shadow IT is consequently a very real problem for the IT department and Gartner predicts that between 30 and 40 per cent of total IT spend is unsanctioned.  But what about Shadow Cloud? While this comes with its own security implications, which undoubtedly need to be investigated and managed, it also plays into the most likely way attackers are targeting victims; creative, personalised phishing campaigns. If an attacker can map cloud technologies with ease, they can use that to create more authentic phishing campaigns.

From phishing a CFO asking for a hefty wire transfer under the fraudulent guise of their accounting software or setting up spoofed branded login pages to steal credentials from a SaaS-based file management service. It only takes a few guesses to determine what shadow IT may be in use across an organisation and cybercriminals are using that information to tailor extremely personalised and targeted phishing campaigns, which may result in an employee handing over their log in details or clicking a compromised link that grants the hacker direct access to the corporate network.

Example: Was that Slack workspace actually set up by your organisation? Or did the bad guys repurpose a name and logo to lure your staff into giving up credentials? If an IT team can intercept this process, however, by monitoring what cloud services are in use and gaining visibility into cloud services configured for a corporate domain, it becomes much easier to defend against. Your SOC should know what Cloud SaaS apps you have so they can be on their guard when intelligence is showing them phishing attempts masquerading as those services.

The ability to predict what phishing emails might be entering your network and being able to condition users to reduce the likelihood of them clicking a fraudulent email is a vital part of cyber protection. With a more integrated security infrastructure designed to increase visibility, it also enables the business to understand its risk profile, align incident response, build intelligence resources and improve preventative tactics.  

 

Recognising your role in the security ecosystem

Perhaps, the next generation cyber security vendor – and those that will dominate in years to come – is that which recognises its expertise, understands its part in the security ecosystem, yet actively integrates and collaborates with those around it to provide the most complete defence possible; whether its collaborative advisory boards, SaaS vendors, technology alliances, or their own internal team members.

After all, there’s no point an employee being a savvy security sensor if there is no way for them to report threats, no incident response team to analyse that intelligence and no method of responding to and disrupting the attack in progress. A truly complete defence takes a collective.