Michael Novinson at CRN had a great article that really explains the issues we are dealing with. He started out with: "Spear phishing remains the most common way for adversaries to compromise organizations, and businesses need a technology or two that are exceptional at detecting it, says FireEye CEO Kevin Mandia."
Now, Mandia sells security software that filters malicious email, so that's what he is pitching. Ultimately, if you read what he states in a broader context, he's promoting defense-in-depth, where you need to have all the layers in place.
Continuing with the Mandia article: "Solution providers should invest in spear phishing detection and reducing their customer’s footprint on the internet to keep clients safe, according to FireEye CEO Kevin Mandia.
Spear phishing remains the most common way for adversaries to compromise organizations, Mandia said, with the threat actor creating a targeted message that dupes the person of interest into opening a dangerous attachment or clicking on a malicious link in an email.
“You can train people all day long, but ultimately, you’ll want to have a technology or two that are exceptional at detecting spear phishing,” Mandia said Monday at the 2019 Best of Breed (BoB) Conference, hosted by CRN parent The Channel Company.
The best attackers in the world are usually focused on the most influential 5,000 people in the world, Mandia said, which could include elected officials, corporate executives, and other wealthy individuals. And well-connected people are typically in more danger of a mobile attack when in close physical proximity to an adversary based on Bluetooth protocols and how the device is set up. “When the best attackers on the planet are targeting certain companies and people, they have the advantage,” Mandia said.
One nice, clean way Mandia said executives can avoid getting spear phished is by regularly clearing email in their iOS device. Another precautionary step Mandia recommended is locking down CEO email so that it can only be viewed on a specific device and nowhere else.
Apple’s iOS allows for the most control since it’s a closed ecosystem, Mandia said, while the Windows OS has gotten a whole lot better, with the latest version of the OS being good from a control standpoint. For users that can’t help themselves from clicking on links and attachments, Mandia said it’s best to do so on a device like an iPad.
“The way you get compromised is that you hack yourself by accident, clicking on a link or opening an attachment thinking it’s from somebody that it’s not,” Mandia said. “What do I recommend? Shut the front door with a small internet presence and detect spear phishing.”
Meanwhile, Mandia said the second most frequent way attackers break into a network is by having valid credentials in the first place. User accounts and passphrases from previous compromises of public service providers like LinkedIn have been disseminated, and if the same user ID-password combo is still being used for accounts, Mandia said the adversary will try to get in.
Adversaries can also get their hands on valid credentials should a supply chain get compromised since the typical business works with between 50 and 100 other businesses, Mandia said. And if any one of those third parties gets compromised and has a valid credential to the organization’s network, Mandia said the company could find itself in trouble." Article continued at CRN: