Intelligent CISO Issue 12 | Page 29

Editor's question

CRANE HASSOLD, SENIOR DIRECTOR OF THREAT RESEARCH AT AGARI

Based on the average number of phishing incidents and the average time to remediation (4.9 hours), the average SOC needs 54 analysts to handle the number of phishing incidents per company. In our recent Phishing Incident Response Survey, the average number of SOC analysts was 12.5, demonstrating that there is a staffing gap of at least 41.5 full-time equivalents (FTEs). This gap currently results in most organisations failing to detect phishing incidents, which opens each organisation to the possibility of breaches or fraud. By implementing automated phishing incident response processes that reduce the time to triage, investigate and remediate phishing incidents by 50%, organisations could save US$4.37 million in SOC costs and US$551,025 in breach risk – for a total savings of US$4.92 million.

Phishing awareness training – is it effective?

Although developing a secure and trusted email network is the key, all businesses should have training and policies in place on how to recognise and respond to suspicious emails. In particular, there should be strict procedures around requests involving transferring funds or sharing confidential data, to help identify attempts at fraud. Nevertheless, some believe phishing awareness training can create over-confident employees. A good way of countering potential overconfidence is to focus on procedure and policy. Most attacks targeting finances or confidential data rely on the victim skirting proper procedure to wire over funds or email out confidential data. Employees should know to always follow policy, even if it appears to be their CEO telling them not to.
Fraudsters are constantly adapting social engineering techniques to specifically circumvent employee training and company policies, so firms should look to remove users from the equation by focusing on technology that will prevent these emails from reaching their intended targets in the first place.

Ditch the domain spoofing

Email authentication is one of the most effective methods of preventing malicious emails from reaching the inboxes of their targets. DMARC – Domain-based Message Authentication, Reporting and Conformance – is one method which has proven very successful.

DMARC gives brands control over who is allowed to send emails on their behalf. It enables email receiver systems to recognise when an email isn't coming from a specific brand's approved domains and gives the brand the ability to tell the email receiver systems what to do with these unauthenticated email messages.
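As an added example (not code from this article or from Agari), the receiver-side check described above, written in Python: the receiving mail system fetches the sender's published DMARC policy, tests whether the SPF or DKIM result is aligned with the visible From: domain, and applies the disposition the domain owner asked for. It goes slightly beyond the text by also showing subdomain policy (sp=) and strict versus relaxed alignment. The _dmarc records, domain names and message results are constructed sample data; the organizational-domain shortcut (last two labels) is an assumption made to keep the example offline, as real receivers use the Public Suffix List.

```python
"""Added example (not code from the Intelligent CISO article or from Agari):
a minimal DMARC policy evaluator in the style of a receiving mail server.
Given the From: header domain and the SPF/DKIM results the receiver has
already computed, it looks up the sender's published policy, checks
identifier alignment as described in RFC 7489, and returns the disposition
the domain owner asked for. All records and domains below are constructed."""

# Constructed sample zone data: _dmarc TXT records keyed by DNS name.
# weak.example publishes a monitoring-only policy (p=none): spoofed mail is
# reported but still delivered. brand.example publishes p=reject with strict
# alignment, which is the posture the article argues for.
SAMPLE_DNS = {
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:dmarc-reports@weak.example",
    "_dmarc.brand.example": ("v=DMARC1; p=reject; adkim=s; aspf=s; "
                             "rua=mailto:dmarc-reports@brand.example"),
}


def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict and fill in RFC 7489 defaults
    (relaxed alignment, subdomain policy inherits p=, pct=100)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed DMARC tag: %r" % part)
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % record)
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("sp", tags["p"])
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels. This is an
    assumption made for the example: real receivers consult the Public Suffix
    List so that names such as 'example.co.uk' are handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment. Strict ('s') needs an exact match between the
    From: domain and the authenticated domain; relaxed ('r') only needs the
    same organizational domain. A missing authenticated domain never aligns."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def lookup_policy(from_domain, dns=SAMPLE_DNS):
    """Policy discovery: try _dmarc.<from domain>, then _dmarc.<org domain>.
    Returns (domain the record was found at, tags) or None."""
    for candidate in (from_domain.lower(), org_domain(from_domain)):
        record = dns.get("_dmarc." + candidate)
        if record:
            return candidate, parse_dmarc(record)
    return None


def evaluate(from_domain, spf_pass_domain=None, dkim_pass_domain=None, dns=SAMPLE_DNS):
    """Return (dmarc_result, disposition).

    spf_pass_domain  - the MAIL FROM domain if SPF returned 'pass', else None
    dkim_pass_domain - the d= domain of a DKIM signature that verified, else None
    disposition is 'none', 'quarantine' or 'reject'; result 'none' means the
    sender publishes no DMARC policy at all."""
    found = lookup_policy(from_domain, dns)
    if found is None:
        return "none", "none"
    record_domain, tags = found
    spf_ok = aligned(from_domain, spf_pass_domain, tags["aspf"])
    dkim_ok = aligned(from_domain, dkim_pass_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    # p= covers the exact domain the record was published for; sp= covers
    # its subdomains (and defaults to p= when the owner did not set it).
    policy = tags["p"] if from_domain.lower() == record_domain else tags["sp"]
    return "fail", policy


if __name__ == "__main__":
    # A spoofed CEO email: From: brand.example, but SPF only passed for the
    # attacker's own MAIL FROM domain and there is no DKIM signature.
    print(evaluate("brand.example", spf_pass_domain="attacker.example"))
    # The same spoof against the monitoring-only domain is still delivered.
    print(evaluate("weak.example", spf_pass_domain="attacker.example"))
    # Legitimate mail signed with the brand's own DKIM key.
    print(evaluate("brand.example", dkim_pass_domain="brand.example"))
```

The contrast between the two sample records is the practical point: a p=none record gives the brand reporting but stops nothing, so a spoofed From: brand.example message with an attacker-controlled SPF domain is still delivered, while the p=reject record turns the same message into a rejection. Alignment is what makes this work: SPF passing for the attacker's own bounce domain counts for nothing unless that domain aligns with the From: domain the user actually sees.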