Phishing attacks: defending your organisation

How to defend your organisation from email phishing attacks.

Typical defences against phishing often rely exclusively on users being able to spot phishing emails. This approach will only have limited success. Instead, you should widen your defences to include more technical measures. This will improve your resilience against phishing attacks without disrupting the productivity of your users.

You will have multiple opportunities to detect a phishing attack, and then stop it before it causes harm. You must also acknowledge that some attacks will get through, as this will help you plan for incidents, and minimise the damage caused.

Layer 1: Make it difficult for attackers to reach your users

Attackers ‘spoof’ trusted emails, making their emails look like they were sent by reputable organisations (such as yours). These spoofed emails can be used to attack your customers, or people within your organisation.

How do I do this?

Make it harder for email from your domains to be spoofed by employing the anti-spoofing controls: DMARC, SPF and DKIM, and encourage your contacts to do the same.

Layer 2: Help your users to identify and report suspected phishing emails

Training your users – particularly in the form of phishing simulations – is the layer that is often over-emphasised in phishing defence. Your users cannot compensate for cyber security weaknesses elsewhere. Responding to emails and clicking on links is a huge part of the modern workplace, so it’s unrealistic to expect users to remain vigilant all the time.

How do I do this?

Training should encourage your users’ willingness to report future incidents, and re-assure them that it is OK to ask for further support when something looks suspicious. This message needs buy-in across all departments including HR, support and senior management.

Layer 3: Protect your organisation from the effects of undetected phishing emails

Malware is often hidden in phishing emails, or in websites that they link to. Well configured devices and good end point defences can stop malware installing, even if the email is clicked. There are many other defences against malware and you will need to consider your security needs and ways of working to ensure a good approach.

How do I do this?

Prevent attackers from using known vulnerabilities by only using supported software and devices. Make sure that software and devices are always kept up to date with the latest patches.

Layer 4: Respond quickly to incidents

All organisations will experience security incidents at some point, so make sure you’re in a position to detect them quickly, and to respond to them in a planned way. Detect incidents quickly Knowing about an incident sooner rather than later allows you to limit the harm it can cause.

How do I do this?

Ensure users know in advance how they can report incidents. Bear in mind that they may be unable to access normal means of communication if their device is compromised. Use a security logging system to pick up on incidents your users are not aware of. To collect this information, you can use monitoring tools built into your off-the-shelf services (such as cloud email security panels), build an inhouse team, or outsource to a managed security monitoring service.