By Mike Fleck
Despite investments of time and money in secure email gateways, phishing threats continue to be delivered to the user’s inbox. To close this gap in automated detection, many organizations roll out user security awareness programs to train their employees to spot and avoid these threats. Even that, however, hasn’t brought the problem under control as phishing is still the origin of most breaches. There are three practical measures you can implement that enable employees to actively defend your business against real email attacks.
No cybersecurity system can detect all threats, all the time – at least not without driving users and admins crazy with false positives and delayed email delivery. However, we can do a better job of providing users with mailboxes that contain fewer threats. Rather than try to block all the malicious email content at the email perimeter, we can apply continuous, automated threat hunting at the mailboxes. After all, that’s where the problem lies! Doing so is proven to catch attacks that were missed by secure email gateways and Microsoft 365 Defender. This will instantly reduce reliance on security awareness training and provide you with better visibility into the spear phishing, ransomware, and business email compromise attacks previously evading detection.
Empowered vs Trained
While security awareness training (SAT) is required for regulatory compliance and cybersecurity insurance, its value doesn’t end there. It is important for you as a business to develop a cybersecurity culture.
Too often, security awareness training is intended to turn users into human detection engines rather than first-line security analysts. To optimize the role users play in the active defense of the business, we must empower them in more practical and measurable ways than culture creation. Give your users tools so they can scan suspicious messages for themselves. Give them real-time threat indicators so they can apply their training to enrich alerts, not just generate them for the Security Operations Center.
Many organizations have implemented processes for a user to submit suspicious messages to the SOC, but what you really want is to have those processes close the loop with the user. When a user does flag a message for the security team, it’s important for the team to respond with the results of their analysis. Doing so will encourage continued participation from your users and reinforce the lessons they learned in training.
Empower Your Users for Security Success
User training is often required for compliance with PCI DSS, HIPAA/HITECH, and SOC 2, so it’s impractical to get rid of it. It’s critical that you have realistic expectations of your users. Training users with simulated (fake) phishing attacks often leads to a culture of fear and avoidance. To prevent that outcome, apply these three tactics to create a positive environment for your users and empower them to help protect the business:
- Implement continuous, automated threat hunting for “cleaner” mailboxes.
- Use self-service tools and adaptive threat indicators to warn your users of possible threats and allow them to act on them.
- Provide your users with analyst feedback to reinforce training and encourage continued participation in defending the company against real attacks.
Cyren Inbox Security is an API-based cloud email security solution that works within the inbox to automate the detection and response to email attacks that evade your existing defenses, eliminating the time your security teams spend manually hunting and removing email threats. Visit the product page to learn more about it and how it helps protect and engage your users.