Fighting sophisticated phishing threats during the digital revolution
In this podcast recorded at RSA Conference 2017, Damien Hugoo, Director of Product Marketing at Easy Solutions, talks about what organizations can do in order to take a proactive approach in defending employees and users against phishing attacks.
Here’s a transcript of the podcast for your convenience.
I am Damien Hugoo, the Director of Product Marketing at Easy Solutions. Today I want to talk to you about external threats that organizations are facing in the midst of the digital revolution, and what organizations can do today about it. And we will also talk about how Easy Solutions has helped more than 350 leading organizations in protecting their brand and the end user from those external threats.
We’ve learned over the last few years that the more companies digitize, the more we see external threats targeting the consumer, their brand and their employees. I’m talking identity fraud, data breach, phishing, malware, you name it. And those types of attacks really diminish the customer’s trust and the loyalty, but they can also ultimately affect a company bottom line over time as those attacks get stronger and still are present in the digital world.
Today attacks come across multiple channels such as mobile, web, social network, and email as well. And those cybercriminals are using a combination of social engineering techniques such as email spoofing, phishing, malware, attachment, URLs, and all the tricks to have the end user employees giving out personal or sensitive information. Once a cybercriminal gets that information, they use that information to commit the actual fraud. Most of the time, the purpose of all of this is, really, going after the money and commit fraud.
All of that environment where they need to have a comprehensive protection against those threats. Any company needs to have a proactive and a comprehensive strategy to combat those threats. Attacks today are at an all-time high, and they’re affecting all lines of businesses. They used to be affecting more financial institutions, especially phishing, but we’ve seen over the last few years that a lot of other types of businesses are being affected. Anybody who is a consumer facing channels online is facing those types of threats. Just last year alone, more than one million phishing attacks were launched. The attacks that are causing most damage, you might be aware of its name, it’s called ‘business email compromise’, also called BEC, which as of the middle of 2016 reported almost three billion in loss according to the FBI.
Those attacks are not going to go away, but there’s a more fundamental problem, which is the approach to counter them. Too often, leaders in corporate IT, antifraud departments, the CSOs limit the scope of defense against those attacks with employee trainings, like simulating a phishing attack within the corporate environment training employees to spot them. And also, standard anti-phishing reactive solutions. What I mean by that is waiting for an employee or consumer to report on that attack, to actually take care of it and take it down. The solutions are effective to some degree, they are not effective at actually deterring those attacks. What I mean by that is reducing the volume of attacks over time. Most of those organizations with those strategies, the volume of attacks remains the same. And over time, they’re just trying to mitigate. They get an anti-phishing vendor, and they just know that it’s going to be taken care of whenever the customer reports it. We don’t believe this strategy is effective today.
As our research team has identified, most of the damage from a phishing attack happens in the first few hours. After 24 hours, the attack is not producing much more results for the cybercriminal. The strategy where you’re just reacting whenever the customer reports it, it’s too little too late at this point. The attacker will be coming back, because they are producing results. The first few hours have already passed, and most of the victims that the attack could get, the cybercriminal got them. So in order to address this head-on, business leaders must think to proactively defend against a threat with a multipronged approach that consist of creating an environment where each threat can be mitigated in almost real time in that first few hours that we talked about where most of the victims are being captured by the cybercriminal.
And the goal is to limit and reduce the criminal gain over time. That is where digital threat protection comes in. Our solution at Easy Solutions is what’s called Digital Threat Protection. That solution allows organizations to take a proactive approach in defending employees and users against those attacks. So the way it works – I talked about that multipronged approach – is the first part of our solution uses various techniques and avenues to search for external threats across the intended social media, emails, mobile app stores. We look in there, we get all the data. There’s different ways of getting that data from those multiple sources, feeds, web corners, scripts; and take away the script within a website, blogs and more. Then, we take all that data, and it’s analyzed through a proprietary algorithm to try to identify those attacks as quickly as possible. Sometimes, even before an attack is being actually launched, we are able to see that the cybercriminal is setting up an attack by different techniques that we’ve developed over the years. Once an attack has been identified, our threat intelligence team will review it and verify those attacks, and then initiate takedown on the site or the malicious content contacting the antenna service providers, browser providers to get that content down.
At Easy Solutions, over the years, we’ve created an environment where we have close relationships with all the antenna service providers, social networks, browser providers, email providers. It allows us to take down content as fast as possible, because we are trusted by those providers. They know that when we send them something, they can directly take it down.
Tthat’s a part of detecting and taking down, but another thing that make our solutions so unique is our ability to also disrupt the distribution of the email that contains those phishing attacks, those URLs, those attachments. Often enough, phishing and attacks are being distributed through email. So, our solution is able to disrupt that part as well. We have a tool that allows organizations to move to a policy the standards call DMARC. I don’t know if you are already familiar with it, but once a company implements that policy, that email authentication policy called DMARC, that allows them to move to a position to where they can reject anybody sending email on their behalf that are not being authorized. And that’s very important to be able to really disrupt the cybercriminal organization when they attack a specific brand or a specific company.
And to wrap up, we have a cloud portal where our clients can see dashboard reports, they can set up alerts, where they can visualize all the data being captured, all the action being done by our team to disrupt the cybercriminal organization. Because ultimately, it is our goal to really disrupt the cybercriminal, to make him walk out of getting more information, to getting more personal information. And as we’re able to disrupt more of the cybercriminals, often enough we’re going to create a reaction, which is going to be either to set up more attacks or eventually, over time, for the attackers to move away from that brand and maybe go to a different brand that is more vulnerable; which is our ultimate goal, which is what we say ‘deterrence’, ability to deter the cybercriminal from attacking a specific brand. And that’s what Digital Fraud Protection is all about.