Security Experts:

How Do We Know About New Phishing Attacks? Because Some Human Reported It.

Keep training your people about the newest threats - the power of the collective is a critical element in how to stop phishing

We hear it all the time: “The human is the weakest link!” or “People can’t get their heads around the technology so how can we expect them to know bad when they see it?” 

Yeah, right. 

The fact is that humans can make all the difference. At the risk of an engineer making observations about humans, I’m going to step out on a limb here and say this: people are exceptionally good at recognizing patterns. And it is through pattern recognition that your people can be trained and equipped to be your best, first line of defense. All your people. From the CEO to the newest intern, I believe everyone can, if given the right equipment, make a substantive difference in our collective security posture.

Going back to the dawn of time, we evolved to recognize and avoid danger. Whether it is someone in the north woods tuned to recognize the tracks of a bear, or an executive in Tokyo wondering why the Microsoft logo is not quite the right color; we are very good at seeing differences in things that we are extremely familiar with. What we need is to take that sensitivity to cybersecurity and arm the masses with the tools to recognize the tracks of the bear. What’s cool about this is we only need one of those educated humans to report what they see, to make a tremendous dent in an ongoing phishing attack. That’s right, just one.

Collective human power is certainly not a new concept. There are examples of crowd-sourcing information all over the place. Marketing firms use it to target buyers. Uber uses it to set pricing. Home Depot uses it to position stock in stores ahead of storms. Waze uses it to share where construction sites or delays exist. There are tons of examples of where the power of people has improved the lives of the collective. 

The power of the collective is also a critical element in how to stop phishing – especially phish that make it through the email security stack and land in an inbox, because those phish have already shown they can get around the positioned tools and technology. So, when phish bypass technology, how do these threats become known to security professionals? Humans detect and report them. 

When someone reports a threat within their inbox to the security team, those analysts can figure out the tradecraft, how to detect it, what it means, and how to respond. But not every company is equipped to have analysts at the ready, aware of all threats always. Threats can come from anywhere and there isn’t a Security Operations Center on earth that can stay ahead of it all. Even Cofense, with an army of analysts, wouldn’t be able to know the breadth of the threat without a continuous feed of information, reported into our Phishing Defense Center. We all need the source material to know what is different about this phish that looks just like that phish.

The problem of phishing attacks is too big and too varied to depend on a few folks in a company ops center, or a vendor or two in your email flow. Organizations need humanity leveraged against this threat. So, keep training your people about the newest threats. Keep supporting those who are reporting, even if they are reporting SPAM. Keep looking at the reported emails and learning from them. And of course, leverage the power of the collective - the network effect – for its ever-evolving intelligence wherever possible to keep your employees free of all the bad stuff that has made it to their inboxes. 

view counter
Keith Ibarguen is Chief Product Officer at Cofense, and has more than 25 years of technical and managerial experience, most recently serving as Chief Engineer for the Law Enforcement and Domestic Security Division at the MITRE Corporation. He has worked to develop and enable novel solutions across a number of MITRE Sponsor and internal programs throughout his career, leveraging his expertise in cyber operations and enterprise cyber security, software development, enterprise IT design and deployment. Throughout his years of service, he has led activities with the DoD, the Intelligence, and Law Enforcement Communities as well as partnered with numerous not for profit and commercial firms.