It would be fairly easy for most email filtering products to stop all phishing messages today, except for the unfortunate side effect being that many legitimate emails would also be stopped.
It’s really a cat and mouse game between attackers using phishing and spear-phishing techniques, and security technology that filters messages based on their content, as well as the metadata they carry.
Detecting malicious email senders
Progress has been made in detecting spoofed email senders due to the emergence of better protocols between sending and receiving servers that enables them to detect impersonation attempts. But for these protocols to work well, both ends of the communication must be configured properly.
These extra email protocol safeguards can also be complex to configure properly, especially now that many organizations use third parties to process email such as newsletters and service notifications.
Photo by diGital Sennin on Unsplash
Join our next 5-Day Challenge to experience something completely unique
“The challenges were so quick I was able to do them in the time it took me to sip an espresso.” – IT Security Manager
Detecting malicious content, links and attachments
Detecting whether or not the content of an email is malicious is even harder. As attackers see their messages being quarantined, they adjust their content to more closely represent legitimate email exchanges. There are always new possibilities.
Even detecting malicious links and attachments in phishing emails is a constant struggle to rate the reputation of website domains, and match malicious file “fingerprints”. Attackers like to use new domains that have not yet been detected as malicious, and therefore disallowed. However, if all new domains are flagged, then legitimate startup companies will have problems getting their email through.
It’s a tough job to filter out messages that are malicious when attackers are trying hard to make their spear-phishing emails look legitimate.
It will be a long wait
Someday, probably with AI, or maybe when an entirely new messaging protocol is developed and adopted, malicious messages will be reliably filtered out, while legitimate ones will get through. But the day when most businesses have implemented such a magical tool is a long way off.
Until then (or maybe even forever) educating end-users on basic methods of analyzing messages, and persuading them to practice that skill on a regular is essential.
It’s a time much like when the pioneers colonized in the Wild West, where everyone had to learn to manage new risks quickly, or they suffered tragic consequences.
On this front, at least it’s now easier to engage employees, by using gamified security awareness. It’s always worthwhile to educate employees about risks. As more jobs are outsourced or automated, more high value decisions are faced in everyone’s jobs.
Click Armor’s immersive, foundational training and weekly challenges is the only security awareness solution that is designed to motivate employees to practice and strengthen their skills on a weekly basis in a gamified simulation environment.
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
Photo by Patrick Amoy on Unsplash
Cyber Security
Phishing Defense
Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.
Social Engineering Defense
Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.
Cyber Security Awareness for Remote Workers
Home-based workers are vulnerable to cyber attacks. Build team immunity today.
Privacy and Compliance
PCI Compliance Awareness
When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.
Gamified HIPAA Compliance Awareness
If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).
Gamified Learning Platform
Active Awareness Platform
Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.
