end-point
ANALYSIS can pre-emptively address high-risk areas for email exposure , including :
• Blocking never-before-seen attacks in real time , without needing to ‘ tune ’ a SEG or wait for policy updates
• Exposing malware-less financial fraud such as VEC and supply chain phishing
• Automatically isolating suspicious links or attachments in email
• Identifying and stopping data exfiltration , particularly via cloud-based email and collaboration tools
Once an attacker has infiltrated one email account , they can move laterally and impact a wide range of internal systems .
• Discovering compromised accounts and domains attackers use to launch campaigns
More organisations are choosing a layered approach to phishing protection . As noted in The Forrester Wave : Enterprise Email Security , Q2 2023 : “ The email security vendors you work with should demonstrate an ability to connect and share data with each other and with key tools in your security tech stack .
4 . Adopt phishing-resistant multi-factor authentication – Any form of multi-factor authentication ( MFA ) is better than none , but not all MFA provides the same level of security . Hardware security keys are among the most secure authentication methods for preventing successful phishing attacks ; they can protect networks even if attackers gain access to usernames and passwords . Consider replacing MFA methods like SMS or time-based OTP with more proven methods like FIDO-2 compliant MFA implementations .
Applying the principle of least privilege can also ensure hackers who make it past MFA controls can access only a limited set
Bashar Bashaireh , Managing Director , Middle East and Turkey , Cloudflare
WWW . INTELLIGENTCISO . COM 73