Email Threats In The Context Of Security Operations Centers

By AnubisNetworks • February 10, 2021

The growing threat of cybercrime, from inside and outside the organization, calls for robust countermeasures. We take a look at some of the processes needed to keep the cyberattackers at bay.

Phishing attacks, unfortunately, aren't going away anytime soon. A recent study found that 83% of global organizations experienced phishing attacks in 2018 alone. Numbers like that prove only one thing: when you think you've done all you can to protect against phishing, it's time to do more.

It's not that phishing attacks aren't being dealt with: numerous organizations educate their employees and deploy tools to flag suspicious emails. But alert fatigue is real, and it is a serious issue analysts face every day. According to research by the SANS Institute, excessive reporting can make it harder to mount a timely response to real phishing attacks. Add to that the time spent on false positives, spam, and legitimate messages that were reported by mistake.

Phishing cases are notoriously tedious because of the prep work they require. The actual investigation of a suspected phishing email is not especially difficult. What really consumes an analyst's time and energy is the upfront work of collecting, classifying and prioritizing each report.

Let's take a closer look at phishing attacks and the basic processes needed to keep the digital criminals at bay.

Set Up Your Spam Mailbox

Your employees are a major access point for cyberattackers, but they are also your first line of defense. They are the ones who are first exposed to phishing attacks that sneak past your security tools, so they should be encouraged and trained to spot an issue and report it.

A dedicated spam mailbox (typically a phishing@ or spam@ address) is what makes the reporting process effortless. Instead of a recipient guessing who to forward a suspicious email to, both parties can be assured the message is going to the right place, allowing you to take immediate measures. Ask users to forward the message as an attachment rather than inline, so the original headers reach the analyst intact.

Have a List of Executives

Although spear phishing, which targets specific people at an organization (typically high-ranking personnel), is one of the rarest types of phishing attack, the financial blow to its victims is substantial. Executives usually hold the highest privileges on the network, and by scamming them with well-crafted phishing emails, cyberattackers can harvest their credentials and cost your organization real money.

Keeping a running list of staff with executive permissions gives you more visibility over likely targets. With it, you can quickly classify and prioritize suspicious emails as they enter your SOC queue, both messages sent to someone on the list and messages whose sender display name claims to be one of them while the address is not theirs. The list also feeds the internal reports your threat intelligence function relies on.

Make Sure to Tag Events

Approaching your phishing strategy from all angles pays numerous dividends. Label each phishing event by factors such as how it was received (spam mailbox, ad hoc, tool detection, hunting), what the sender's end goal is (credential harvesting, malware, whaling), and which lines of business are targeted or could fall victim (marketing, human resources, finance). Consistent tags draw a clearer picture of the work the SOC is doing and boost your team's efficiency.
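The two steps above, checking a reported message against the executive list and tagging the resulting event, can be automated at the front of the SOC queue. The script below is an added example and not AnubisNetworks code: the company domain, the executive names and addresses, the mailbox-to-business-line mapping, the keyword lists and the two sample emails are all constructed for illustration. It parses a raw message with Python's standard email library, flags both executives among the recipients and sender display names that impersonate an executive from a foreign address, assigns a priority, and emits the tags described in the text.

```python
"""Added example: triage a reported phishing email against an executive list
and tag the resulting SOC event. Names, addresses and keyword lists below are
constructed for illustration (hypothetical company example.com)."""
from dataclasses import dataclass, field
from email import message_from_string
from email.message import Message
from email.utils import getaddresses, parseaddr
from typing import List

# Hypothetical executive list: display name -> the only address that name should send from.
EXECUTIVES = {
    "Jane Doe": "jane.doe@example.com",        # CEO
    "Richard Roe": "richard.roe@example.com",  # CFO
}

# Hypothetical mapping of mailboxes to lines of business.
LINES_OF_BUSINESS = {
    "ap@example.com": "finance",
    "recruiting@example.com": "human resources",
    "jane.doe@example.com": "executive",
    "richard.roe@example.com": "executive",
}

# Constructed keyword lists for a rough classification of the sender's goal.
CREDENTIAL_WORDS = ("password", "sign in", "login", "verify your account")
PAYMENT_WORDS = ("wire", "payment", "invoice", "bank details")


@dataclass
class PhishingEvent:
    source: str                   # spam mailbox, ad hoc, tool detection, hunting
    priority: str                 # critical / high / medium
    targets_executive: bool
    impersonates_executive: str   # executive whose display name was spoofed, or ""
    goals: List[str] = field(default_factory=list)
    lines_of_business: List[str] = field(default_factory=list)
    tags: List[str] = field(default_factory=list)


def _normalize(name: str) -> str:
    return " ".join(name.lower().split())


def _body_text(msg: Message) -> str:
    """Concatenate the text/plain parts of a message; attachments are skipped."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(parts)


def triage(raw_email: str, source: str) -> PhishingEvent:
    """Classify one reported message and return the tagged SOC event."""
    msg = message_from_string(raw_email)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    from_name, from_addr = parseaddr(msg.get("From", ""))

    # 1. Is anyone on the executive list among the recipients?
    exec_addrs = {a.lower() for a in EXECUTIVES.values()}
    targets_exec = any(r in exec_addrs for r in recipients)

    # 2. Does the display name claim to be an executive while the address is not theirs?
    impersonated = ""
    for name, addr in EXECUTIVES.items():
        if _normalize(from_name) == _normalize(name) and from_addr.lower() != addr:
            impersonated = name
            break

    # 3. Rough goal classification from subject, body and attachments.
    text = (msg.get("Subject", "") + " " + _body_text(msg)).lower()
    goals = []
    if any(w in text for w in CREDENTIAL_WORDS):
        goals.append("harvesting")
    if any(w in text for w in PAYMENT_WORDS):
        goals.append("bec")
    if any(part.get_filename() for part in msg.walk()):
        goals.append("malware")
    if targets_exec or impersonated:
        goals.append("whaling")

    # 4. Priority: executive impersonation combined with a money or credential lure is worst.
    if impersonated and ("bec" in goals or "harvesting" in goals):
        priority = "critical"
    elif targets_exec or impersonated:
        priority = "high"
    else:
        priority = "medium"

    lobs = []  # lines of business, in recipient order, without duplicates
    for r in recipients:
        lob = LINES_OF_BUSINESS.get(r)
        if lob and lob not in lobs:
            lobs.append(lob)

    tags = [f"source:{source}"] + [f"goal:{g}" for g in goals] + [f"lob:{l}" for l in lobs]
    if targets_exec:
        tags.append("target:executive")
    if impersonated:
        tags.append(f"impersonates:{impersonated}")
    return PhishingEvent(source, priority, targets_exec, impersonated, goals, lobs, tags)


# Constructed sample reports (not real messages).
SAMPLE_WHALING_EMAIL = """\
From: Jane Doe <jane.doe@example-ceo-mail.com>
To: ap@example.com
Cc: Richard Roe <richard.roe@example.com>
Subject: Urgent wire transfer before close of business
Content-Type: text/plain; charset=utf-8

Richard, please process the attached invoice today and confirm the bank details by reply.
"""

SAMPLE_CREDENTIAL_EMAIL = """\
From: IT Helpdesk <helpdesk@mail-account-verify.net>
To: recruiting@example.com
Subject: Sign in to keep your mailbox
Content-Type: text/plain; charset=utf-8

Your password expires today. Sign in at the link below to keep access.
"""

if __name__ == "__main__":
    for raw, src in ((SAMPLE_WHALING_EMAIL, "spam mailbox"), (SAMPLE_CREDENTIAL_EMAIL, "tool detection")):
        print(triage(raw, src))
```

The display-name check is the part worth keeping even if you discard the keyword heuristics: a message whose From header reads "Jane Doe" but whose address is not the CEO's corporate mailbox is the classic business email compromise lure, and the executive list is what lets a script catch it before an analyst reads the mail.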

Standardization Through Process Documentation

Lastly, process documentation is how you ensure the entire team completes every step required to handle a phishing case the same way each time. Good process documentation helps pinpoint gaps in your people, processes, and technology, and prepares your analysts for the next dubious email.

For optimal security, it's best to consider a robust email security system that can ensure your organization's safety. To learn how Anubis Networks can help you, request a demo today.


Author: AnubisNetworks

AnubisNetworks is a company that develops email security solutions. Our Mail Protection Service (MPS) protects against ransomware, spam, business email compromise (BEC), spoofing and phishing. MPS is based on the AnubisNetworks Threat Intelligence ecosystem, which enables detection and avoidance of the latest and most advanced cyber threats.