Phishing poses a looming vulnerability for many enterprises today
because the attackers have upped their game. They can now set up and take down
phishing attacks within minutes, making it very hard for current defenses to identify
the problem before users succumb to a scam. The major types of phishing and
social engineering threats today go well beyond bogus email links and
attachments. They include more sophisticated tactics such as
credential-stealing, scareware, rogue software, phishing exploits, social
engineering scams and phishing callbacks.
Hackers now rely on a broad range of digital communication
vectors to trick users into giving away their credentials and data. Sneaky new
phishing expeditions might be carried out via phony pop-ups, fake ads,
malicious search results, browser extensions, chat applications, social media
posts, web “freeware” and deceptive apps downloaded from App Stores.
To make matters worse, researching URLs in suspected phishing incidents has become a costly and time-intensive process, according to a new survey of 300-plus security decision-makers at large U.S. firms. Nearly half of all survey respondents (47%) reported URL research times of six to ten minutes or more per incident, while 24% said they averaged just three to five minutes per incident.
This approach is costly and dangerous for large organizations that
are facing a chronic shortage of trained cybersecurity staff. For larger
organizations that have several hundred to several thousand incidents to
research per day, taking more than 10 minutes to resolve each incident is
extremely risky. Cumulatively,
this task can easily consume dozens of hours per day and multiple full-time
employees from zero-hour phishing threats is especially important for larger
organizations in data-intensive fields such as financial services, government,
defense, healthcare, energy, and large-scale manufacturing. Yet only 19% of survey respondents reported their URL research
as being a fully automated, real-time process. And only one in eight organizations
reported real-time operationalization of threat intelligence feeds to block
live web threats.
Over half of survey respondents (56%) correctly noted that
phishing URLs typically remain active for a very short time, under an hour to
just several hours. Yet in a contrasting finding, when it comes to the top
three anti-phishing security stack improvements still needed, “More timely
phishing threat intelligence/block lists” was the least popular choice. The
most common improvement reported was a “Better way to detect traffic to
previously unknown phishing URLs.” The other two most desired anti-phishing improvements
were “More effective email phishing detection” and “Better automation across
stealing from fake login pages was cited by 21% of respondents as the most
dangerous phishing type for an enterprise, followed by malware sites hosting rogue browser extensions and
apps at 17%. But other types of phishing sites also ranked high, with scareware
and sites hosting weaponized docs coming in at 16%.
Companies use a wide variety
of systems as the first to ingest a third-party phishing threat
intelligence feed, the most common being a Threat Intelligence Platform (TIP)
at 23%, followed by DNS or Web Proxy (22%), SOAR (16%), NextGen Firewall (16%),
SIEM (15%), and others. Relying on outdated block lists is another common problem
that slows response times, as only 23% reported continuous
or real-time updates. A quarter (25%) reported block list update frequency
intervals of five minutes to an hour, while over half (53%) reported update
intervals longer than an hour. At the rate phishing campaigns are popping up,
claiming your info and moving on, this is no longer a reliable method for
stopping attacks coming in at the web layer.
Clearly, it has become a race against time for most enterprises to implement threat intelligence quickly enough to protect employees from these fast-moving phishing attacks. This is an area where time and costs could be reduced through greater automation, which is becoming more common with Security Orchestration, Automation, and Response (SOAR) platforms, phishing IR playbooks, and other real-time defenses. More large enterprises will need to shore up their real-time threat detection capabilities or face the threat of catastrophic breaches and data losses.
With our Phishing URL Analysis & Enrichment solution, we can help ease your SOC teams’ pain and challenges. To find out how you can save time, money, and hassle by automating your SOC team’s phishing IR efforts, contact us and request a demo today.
*** This is a Security Bloggers Network syndicated blog from SlashNext authored by Lisa O’Reilly. Read the original post at: https://www.slashnext.com/blog/slow-response-times-to-blame-for-phishing-attack-success-on-organizations/