Technical security capabilities such as anti-spam and anti-malware protection, machine learning, artificial intelligence, sandboxing and URL filtering all offer a substantial amount of protection against phishing attacks. However, you should anticipate that you will never stop everything: cyber criminals continually find innovative methods in their relentless pursuit of passing through undetected.
A positive security culture is an essential component to any protective security programme. Where users feel empowered to report security incidents without fear of blame, there is a greater likelihood that security breaches will be reported. Users self-reporting incidents is a key detection mechanism that provides visibility of previously unknown and undetected security risks and thus enables prompt action to lower the potential impact.
If you do fall for a phishing scam, fast, intelligent action is imperative to limit potential damage. It is critical that users are educated not only on preventative measures, but also on how to react: they must be aware of the actions they need to take to help safeguard compromised information and recover from an attack quickly.
As an individual you should follow the steps below if you know or suspect you have experienced a phishing attack:
1. Change your password
The quicker you change your password (via the real website) the less time the attacker has to access your account. You should ensure you update any other accounts that share the same password (hopefully none!).
2. Report the incident to your IT team
There is nothing to be ashamed of; let your IT professional know as soon as possible about the phishing attack, providing as much detail as possible. Incident reporting should be a well-documented and understood part of the company and expected employee behaviour when something of concern happens.
3. Stop the spread
If you become aware of unexpected activity on your device that has resulted from a phishing email it could be beneficial to quarantine your device from the network to prevent the risk of infection to other machines.
4. Review your financial activity
Immediately review your financial accounts (including bank accounts) to verify that no suspicious activity is being carried out on your behalf. As soon as any suspicious activity is detected, alert your account provider (bank or banking corporation) so that they are aware of any fraudulent activity.
As an organisation, what steps do you follow?
You should consider the steps below if you know or suspect you have experienced a phishing attack:
- Activate the incident recovery process (you do have one, don’t you?)
- Obtain a copy of the source email
- Talk to the clicker
- Ensure affected users have changed their passwords
- Build a chain of events by reviewing internal systems and logs (Mail Server/DNS/Firewalls/Proxy)
- Ensure event logs are retained and secured
- Adjust email filters and security controls to block future matches
- Perform post-incident review and lessons learnt analysis
- Document identified areas of continuous improvement
- Evaluate and report any risk of compromised compliance (HIPAA/GDPR/PCI)
- Deliver education and awareness training
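The "build a chain of events" and "adjust email filters" steps above can be illustrated with a small correlation script. This is an added example, not Savanti's code: it parses constructed mail-server, DNS and proxy log lines (the formats are assumed, not those of any particular product), links them by user and by the phishing domain, and produces an ordered timeline, the list of recipients, the users who clicked, the users who submitted a form to the phishing site, and a block entry for the email filter.

```python
import re

# Constructed sample log lines for a made-up phishing domain (assumed formats).
MAIL_LOG = [
    "2021-06-01T09:02:11Z from=<billing@pay-portal.example> to=<alice@corp.example> url=http://pay-portal.example/login",
    "2021-06-01T09:02:12Z from=<billing@pay-portal.example> to=<bob@corp.example> url=http://pay-portal.example/login",
]
DNS_LOG = ["2021-06-01T09:15:40Z client=10.0.0.21 query=pay-portal.example type=A"]
PROXY_LOG = [
    "2021-06-01T09:15:41Z user=alice src=10.0.0.21 GET http://pay-portal.example/login status=200",
    "2021-06-01T09:15:49Z user=alice src=10.0.0.21 POST http://pay-portal.example/login status=302",
    "2021-06-01T09:20:03Z user=bob src=10.0.0.22 GET http://intranet.corp.example/ status=200",
]

# One regex per log source; each yields a timestamp and the value the domain is matched against.
PATTERNS = {
    "mail": re.compile(r"(?P<ts>\S+) from=<(?P<sender>[^>]+)> to=<(?P<user>[^>]+)> url=(?P<url>\S+)"),
    "dns": re.compile(r"(?P<ts>\S+) client=(?P<src>\S+) query=(?P<url>\S+)"),
    "proxy": re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) (?P<method>\w+) (?P<url>\S+) status=(?P<status>\d+)"),
}


def build_chain(domain, mail, dns, proxy):
    """Return the ordered chain of events touching `domain`, plus who was affected."""
    # DNS lines only carry a client IP, so learn IP -> user from the proxy log first.
    ip_to_user = {}
    for line in proxy:
        m = PATTERNS["proxy"].match(line)
        if m:
            ip_to_user[m["src"]] = m["user"]
    events = []
    for source, lines in (("mail", mail), ("dns", dns), ("proxy", proxy)):
        for line in lines:
            m = PATTERNS[source].match(line)
            if not m or domain not in m["url"]:
                continue
            d = m.groupdict()
            user = (d.get("user") or ip_to_user.get(d["src"], d["src"])).split("@")[0]
            detail = d.get("method", source) + " " + d["url"]
            if "status" in d:
                detail += " status=" + d["status"]
            events.append((d["ts"], source, user, detail))
    events.sort()  # identical ISO-8601 timestamp format, so string order is chronological
    recipients = sorted({e[2] for e in events if e[1] == "mail"})
    clickers = sorted({e[2] for e in events if e[1] == "proxy"})
    submitted = sorted({e[2] for e in events if e[1] == "proxy" and e[3].startswith("POST")})
    return {"timeline": events, "recipients": recipients, "clickers": clickers,
            "credentials_at_risk": submitted,
            "block": {"sender_domain": domain, "url_prefix": "http://" + domain + "/"}}


if __name__ == "__main__":
    for ts, source, user, detail in build_chain("pay-portal.example", MAIL_LOG, DNS_LOG, PROXY_LOG)["timeline"]:
        print(ts, source, user, detail)
```

Users in `recipients` but not in `clickers` (bob here) still need the "talk to the clicker" conversation and a password check, because the proxy log only shows what went through the proxy.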
The 2021 Cyber Security Breaches Survey identifies phishing attacks as the most disruptive form of cyber attack for UK businesses.
No matter how small they might be, breaches inevitably lead to business disruption and can have a significant impact. A well-executed incident recovery process will reduce the impact of any phishing email that manages to get through your security defences.
If you want to find out more about Savanti and their various cyber security services, including their Incident Response Services, please get in touch info@savanti.co.uk, visit the chat function on our website: www.savanti.co.uk or fill in the below details: