Using the zero trust model to prevent phishing

By Philip James, director of architecture and integration, Alagen

Currently, the majority of all cyber attacks can be traced back to phishing. It’s become THE most common way for breaches to happen — both to businesses and individuals. In fact, nearly 60 percent of email today is spam, and three-quarters of organizations say they’ve experienced attempted phishing attacks.

The rise of phishing should be expected. It’s one of the easiest ways for a bad guy to get into an otherwise secure environment, usually at the hands of an unknowing employee. It’s why the last few years have seen a surge of new solutions in the email authentication space, new protocols like DMARC, and countless studies full of statistics on the prevalence of phishing attacks.

In my experience, one of the best ways to reduce the number and severity of phishing attacks is to enforce a tried and true method: The Zero Trust Model. It’s coming up on its ninth birthday, and, in my opinion, is perfect for reining in the onslaught of phishing attacks.

The model was created by John Kindervag of Forrester Research in response to how often attacks originate from inside an organization, by way of its own users. The idea is to stop trusting your employees simply because they sit behind external firewalls. Here are three ways to make it part of your culture and reduce the incidence of phishing.

Employee Education

The biggest vulnerability inside an organization is the workforce, which is precisely why security needs to become part of the culture. Threats like phishing have become so common that prevention has to be top of mind for everyone.

The thing about phishing is it’s relatively easy to spot, so even the most non-technical employees can learn to identify it and be heroes to the company. Many organizations I’ve worked with will hold annual, in-person, small group sessions that present security protocols in very consumable ways, focusing on common use cases.

I like to share one story about an executive assistant who received an email from the alleged CEO requesting a list of employee social security numbers. The EA complied. After all, why would she question a request from the CEO?

Of course, the punchline is that the email wasn’t from the CEO. Had this EA been through some basic training on phishing attacks, she could have caught it by examining the sender’s email address and by recognizing the other telltale signs of a spoofed email.
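The checks a trained employee makes by eye (who the message really came from, whether replies go somewhere else, whether the sender authentication that protocols like DMARC provide actually passed, and whether the subject leans on urgency) can also be run as a header triage script. The following is an added example written for this article, not code from the author or from Alagen; it uses only Python's standard `email` module. The two messages, the `example.com` corporate domain and the `spoofing_indicators` function are constructed for illustration and are not taken from the incident described above.

```python
import email
from email.utils import parseaddr

# Constructed sample (not a real message): the display name claims to be the
# CEO, but the actual sender address and the Reply-To sit on another domain,
# and the receiving gateway recorded failed SPF/DMARC results.
SPOOFED_SAMPLE = b"""\
From: "Jane Doe, CEO" <ceo.jane.doe@mail-example.net>
Reply-To: finance.desk@mail-example.net
To: assistant@example.com
Subject: Urgent: employee SSN list
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-example.net; dkim=none; dmarc=fail header.from=mail-example.net
Content-Type: text/plain

Please send me the list of employee social security numbers today.
"""

# Constructed sample of a legitimate internal message for comparison.
LEGIT_SAMPLE = b"""\
From: "Jane Doe" <jane.doe@example.com>
To: assistant@example.com
Subject: Quarterly numbers
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain

Attached are the quarterly numbers for review.
"""

CORPORATE_DOMAIN = "example.com"  # assumed organisation domain for this example


def _domain(addr):
    """Domain part of an address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _auth_result(header_value, method):
    """Pull the result token for one method (spf/dkim/dmarc) out of an
    Authentication-Results header, e.g. 'dmarc=fail' -> 'fail'."""
    for part in header_value.split(";"):
        part = part.strip()
        if part.lower().startswith(method + "="):
            return part.split("=", 1)[1].split()[0].lower()
    return "none"


def spoofing_indicators(raw_message, corporate_domain=CORPORATE_DOMAIN):
    """Return a list of human-readable red flags found in the message headers.
    An empty list means none of the checks below fired."""
    msg = email.message_from_bytes(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. The real address is outside the company, and the display name
    #    borrows an executive title to pressure the recipient.
    if from_domain != corporate_domain:
        findings.append(f"From address is external: {from_addr}")
        if any(t in display_name.lower() for t in ("ceo", "cfo", "president")):
            findings.append(
                f"Executive title in display name with external address: {display_name!r}"
            )

    # 2. Replies are silently redirected to a different mailbox.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.lower() != from_addr.lower():
        findings.append(f"Reply-To ({reply_to}) differs from From ({from_addr})")

    # 3. The gateway's SPF/DKIM/DMARC results are missing or failed.
    auth = msg.get("Authentication-Results", "")
    for method in ("spf", "dkim", "dmarc"):
        result = _auth_result(auth, method)
        if result != "pass":
            findings.append(f"{method.upper()} result: {result}")

    # 4. Urgency wording, which commonly accompanies data or payment requests.
    subject = msg.get("Subject", "").lower()
    if any(w in subject for w in ("urgent", "immediately", "asap")):
        findings.append(f"Urgency cue in subject: {msg.get('Subject')!r}")

    return findings


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, spoofing_indicators(sample))
```

Run against the spoofed sample the function reports seven findings (external sender with an executive display name, a mismatched Reply-To, SPF/DKIM/DMARC not passing, and the urgency cue), while the legitimate sample produces none. The Authentication-Results header is only trustworthy when it was written by your own receiving gateway, so in practice a script like this should strip any copy of that header arriving from outside before relying on it.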

Employees NEED to understand how phishing attacks happen, why they happen, and the damage that can be caused not only to the organization, but also to the individuals who work there.

I also recommend an “open with caution” policy for email attachments, which is something we advise our clients to put in place, since a large percentage of phishing attacks arrive as attachments. Implement a secure file sharing system, and teach employees to open an attachment only when they are 100 percent sure who sent it (and the sender’s email address has been verified).

Network Segmentation

On the technical side, effective network segmentation is the number one thing you can do to protect sensitive data from phishing attacks. I constantly see companies hyper-focused on perimeter protection, so much so that they forget to segment their high-value assets from basic user segments. This is a huge miss and a real vulnerability. Train your IT department to think about internal segmentation as much as they think about edge security.

Essentially, you need to split up your network from the inside out and protect it at every level. This way, you can more easily control the entry and exit points of data. If a host on one segment is compromised, the attacker’s access is limited to that segment rather than extending freely to the rest of the network.

Triple up defense

A close second to network segmentation would be requiring multi-factor authentication (MFA). Two-factor auth isn’t enough anymore if you’re managing sensitive data, and even the best-trained humans are still...well...human. MFA means that if credentials are compromised via a keylogger install, you can still have multiple lines of defense available.

For example, if an administrator’s credentials are compromised, it usually means the “keys to the kingdom” have been handed over. When multiple phases of authentication are enforced, attackers are less likely to compromise the target.

Focus on authenticating and authorizing all devices connected to the network. This is sometimes referred to as a rogue device detection program. Implementing a Network Access Control (NAC) solution that authenticates and authorizes known corporate assets can be an effective way to prevent unauthorized devices from connecting to the network.

Applying zero trust at the internal edge is one of the most effective ways to remarkably improve overall security posture. Knowing what is connected to your network, where it’s connected, and when, is a treasure trove of additional data.

A few weeks ago someone spoofed the email address of my CEO and sent an email with a PDF that carried a payload for a Windows exploit. Had it exploited the employee it was sent to (a project manager), the malware would have been used to get the necessary credentials to hack into other systems.

This happened to a security company, proving that phishing attacks aren’t necessarily strategic or smart, they’re just rampant. Try using the Zero Trust Model to keep them out of your company.
