In partnership with several other U.S. agencies, the National Security Agency (NSA) recently issued new guidance on how to mitigate phishing attacks for IT departments. Phishing attacks use deceptive tactics to trick people into divulging sensitive information or deploying malware onto systems. Phishing usually involves fake emails, messages or websites that look legitimate, mimicking trusted entities like banks, social networks or government agencies.
There are significant risks associated with phishing for organizations. First, phishing can compromise business information and customer data by allowing unauthorized access. Phishing attacks can also lead to more advanced cyber threats, like malware and ransomware, which can cause data breaches, system disruptions and financial losses. Furthermore, successful phishing attempts can enable attackers to impersonate employees, gaining unauthorized access to corporate networks and damaging reputations. Finally, organizations could face fines and compliance problems if they don’t protect sensitive data.
Recommendations to Stop Phishing Attacks
The U.S. government guidance includes an extensive list of measures organizations can take to combat phishing. It divides its recommendations into steps to prevent credential stealing and deployment of malware.
To prevent credential stealing, organizations should implement:
- User training on social engineering and phishing attacks, such as phishing attack simulation
- DMARC for incoming emails (DMARC provides visibility into how a domain is used and prevents unauthorized senders from sending emails on behalf of an organization)
- Internal mail and messaging monitoring
- Free security tools, like OpenDNS Home, to prevent cyber threat actors from redirecting users to malicious websites to steal their credentials
- Phishing-resistant multifactor authentication (MFA) and MFA lockout and alert settings
To stop malware execution, organizations should:
- Incorporate denylists (lists of prohibited sites, programs or other elements) at the email gateway and enable firewall rules to prevent successful malware deployment
- Restrict MacOS and Windows users from having administrative rights
- Implement the principle of least privilege for user accounts
- Implement application allowlists (security controls that list applications authorized within a network based on a defined baseline)
- Block macros by default
- Deploy remote browser isolation solutions that prevent malware propagation by quarantining the malware sample upon execution
- Implement free security tools, like Quad9 or Google Safe Browsing, to identify and stop malware upon execution
- Set up a self-serve app store where customers can install approved apps and block apps and executables from other sources
- Implement a protective DNS resolver to prevent malicious actors from redirecting users to malicious websites to steal their credentials
In addition, the guidance recommends that software manufacturers implement secure-by-design techniques to ensure their software is secure against common phishing attacks. The guidance advises organizations to hold software manufacturers to a secure-by-design standard and build these and other mitigations directly into products to protect users and organizations from phishing attacks.
MBL Technologies provides comprehensive cybersecurity services for long-term, sustainable solutions that address every facet of the evolving threat landscape, including mitigating phishing attacks. We help you boost your cybersecurity posture and implement cybersecurity best practices at your organization. Contact us today to get started.