16 Tools, Technologies And Strategies For MSPs To Fight Phishing Attacks
From security awareness training, phishing simulations and multi-factor authentication, to products from Microsoft, Proofpoint, Mimecast and AppRiver, here’s how MSPs can combat phishing attacks.
Fight The Phish
Phishing attacks and scams have thrived since the COVID-19 pandemic began, and today phishing attacks account for more than 80 percent of reported security incidents. The second full week of the 18th annual Cybersecurity Awareness Month will stress the importance of being wary of emails, text messages or chat boxes that come from a stranger or something the user isn’t expecting.
Users should think before clicking on any suspicious emails, links or attachments and make sure they report any suspicious emails, according to National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA), which co-lead Cybersecurity Awareness Month.
For week two of Cybersecurity Awareness Month, CRN spoke with 16 managed service providers with security services expertise about the security technologies and vendor tools they use to keep phishing attacks at bay. From security awareness training, phishing simulations and multi-factor authentication, to products from Microsoft, Proofpoint, Mimecast and AppRiver, here’s how MSPs keep their clients safe.
Multi-Factor Authentication
Shane Vinup, CEO, Maple Grove, Minn.-based Cyber Advisors, No. 456 on the 2021 CRN Solution Provider 500
Anti-phishing scenario-based training is a vital tool in the arsenal against phishing attacks, but it only lessens the attack surface against vulnerable humans. Email banners exclaiming external senders provide an additional level of alerting, but still rely on the effectiveness of training, thereby only minimizing the danger.
The only truly effective way to reduce the threat to approach zero (you will never hit zero) is to implement some form of multi-factor authentication on virtually every critical asset within an organization. That way, when the last vulnerable human makes a mistake, the ability for the attacker to simply exploit a technical win just becomes another extremely difficult hurdle. Ultimately, well-crafted and enforced security policies also play a pivotal role in protecting vulnerable humans. This is particularly true for the increasing case numbers of financial fraud where attackers use social engineering to bypass separation of duties and signature authority controls.
End User Education And Email Protection
Chris Schueler, CEO, Alpharetta, Ga.-based Simeio, No. 270 on the 2021 CRN Solution Provider 500
Unfortunately, there’s never a single service or product that can tackle the sophistication of current or future attacks. And that’s where it gets complex. However, getting down to the basics is fundamental to security. The reality is the weakest link in security is always the human element. And thus, end-user education can never be ignored and is always the first line of defense. Programs or services that include end-user training and awareness are highly effective as a preventive strategy and are something we always recommend to our clients for their employees as well. Email protection is an area that is highly effective in preventing attacks, along with web and email isolation products and strategies that I highly recommend. It is not just inbound monitoring that needs to be robust, but web filtering and outbound access restriction products that control outbound access and monitoring are key. Some of our SMEs recommend Proofpoint as an effective provider to counteract phishing.
Proofpoint Simulated Phishing Campaigns
Mark Cooley, Vice President of Security and Compliance, Cedar Rapids, Iowa-based Involta, No. 255 on the 2021 CRN Solution Provider 500
Phishing attack prevention is all about end-user awareness and ongoing training. As I mentioned before, phishing attacks are a people and process vulnerability that is often overlooked. There are a variety of tools in the marketplace that companies can use to deploy phishing tests and management. At Involta, we utilize a service from Proofpoint to run simulated phishing campaigns on a regular basis. The goal of the campaign is to test, educate, and provide the skills necessary for our users to recognize the characteristics of phishing messages. Being consistent with simulated phishing has been a huge success for us, and the skills and awareness that we provide filter down to our customers.
Layered Controls And User Education
Rocky DeStefano, Senior Vice President of Innovation and Development, Denver-based Optiv, No. 25 on the 2021 CRN Solution Provider 500
Broadly speaking, one of the most effective elements of an anti-phishing strategy is a focus on user education and encouragement of the right behaviors through training and continual validation through testing.
Phishing remains a leading initial vector into an organization and successful mitigation of that risk requires several layered controls, including email threat management, threat intelligence, awareness [and] training, automation of playbooks, simplified user reporting and, of course, implementation of the principles of least privilege for users. The layering of security controls is keenly important because two facts are incontrovertible: An email will get through and some user will click.
Holistic Approach Required
Andrew Reese, Chief Architect – Security, Office of the Chief Technology Officer, Auburn, Wash.-based Zones, No. 30 on the 2021 CRN Solution Provider 500
There is no one product or service that is effective. It requires a holistic approach to properly address the phishing attack problem.
Every client we work with has different business goals and objectives, they have different threats and actors, they have different technologies applied to their IT and OT networks and compute environments, there are many different personas of human firewalls that will always need updating and tweaking, and everyone has different financial means and operational maturity levels. To think there is one silver bullet is to place a Band-Aid over the previous wound.
Spam, Spear Phishing & BEC Defense
Randy Watkins, Chief Technology Officer, Plano, Texas-based Critical Start, No. 200 on the 2021 CRN Solution Provider 500
The phishing solution, to be effective, must not only stop spam, but also targeted spear phishing attacks, business email compromise, and also educate the user on what to look for if something suspicious still ends up in the inbox. Many solutions now have the ability to submit a suspected phishing email, but this is less effective than it could be due to the lack of headcount to process the submitted emails and reply to end users.
Proofpoint And Microsoft O365 ATP
Lewie Dunsworth, CEO, Commerce, Mich.-based Nuspire, No. 409 on the 2021 CRN Solution Provider 500
As a security practitioner, I believe that establishing protective guardrails and educating end-users are the best defense against phishing attacks. In my experience, people try their best, but often make a mistake. It’s our job to try and prevent that mistake from becoming an even bigger mistake by not having controls in place to protect the business and contain an event. Products like Proofpoint and Microsoft’s O365 ATP solution have proved to be very valuable for me in the past.
NIST Framework And Attack Surface Monitoring
Jeff Schmidt, CEO, Phoenix-based Avertium, No. 405 on the 2021 CRN Solution Provider 500
A wise mentor once told me when I was automating manual processes for operations to eliminate human error, “tools are fool proof, fools are not tool proof.”
We tell companies they have to know thyself and know thy enemy, and that means a solid NIST framework in combination with intelligence-driven attack surface monitoring. Both are required.
Continued education that keeps phishing at a level that everyone can understand ensures this comprehensive mindset becomes muscle memory.
Security Awareness Training
Brad Taylor, Co-Founder and CEO, Carlsbad, Calif.-based Proficio
While there are many email security products on the market today, preventing a phishing attack remains challenging. Due to the constantly evolving, and often sophisticated methods of cybercriminals, it is nearly impossible to prevent 100 percent of phishing attacks. However, the human factor is and will remain one of the best lines of defense to prevent these attacks from causing damage. It is essential for all organizations to provide security awareness training programs to ensure their employees understand security and how to detect attacks.
End User Training
Aaron Leiberman, Chief Technology Officer, Bedford, Mass.-based ConRes, No. 71 on the 2021 CRN Solution Provider 500
Andy Chiquoine, Chief Technologist, Managed Services, ConRes
There are several solutions we recommend to mitigate phishing attacks, but we’ve found there is a tremendous need to pair these solutions with end user training. Attacks are getting increasingly sophisticated and employees need to better understand how to recognize a threat and the methods cybercriminals use to gain access to an organization.
Holistic Approach
Nancy Sabino, Vice President of Sales and Marketing, Addison, Texas-based Synetek Solutions
[Author and entrepreneur] Ken Poirot says, “An apparently insignificant issue ignored today can spawn tomorrow’s catastrophe,” which is why it’s not simply about a product or service but the combination of which actively work together to be proactive and place as many doors and locks in place as much as possible. From awareness training, phishing prevention, firewalls, email protection, early detection, etc., now it’s more about a holistic approach rather than one-and-done solutions.
AppRiver And Office 365
Frank Ernesto IV, CEO, Richmond, Va.-based NDSE
We use AppRiver and the O365 controls together, tightly customized. This, along with educating the end users through security awareness, has been our best approach.
Mimecast, Graphus And Cyberfish
Michael Goldstein, President, Fort Lauderdale, Fla.-based LAN Infotech
Currently we utilize Mimecast today for all of our email security needs. The overall amount of phishing emails is also having us look at other products specific to phish detection like Graphus and Cyberfish.
Mimecast And Cisco Umbrella
Manak Ahluwalia, President and CEO, Waltham, Mass.-based Aqueduct Technologies, No. 360 on the 2021 CRN Solution Provider 500
It’s been a combination of end user training, email protection platforms such as Mimecast, and a DNS protection layer like Cisco Umbrella.
Mimecast Email Filtering
Milton Bartley, Co-Founder, President and CEO, Nashville-based ImageQuest
There is no silver bullet. We rely on a combination of continuously reinforced training and testing, and Mimecast email filtering.
Education
Malinda Gagnon, CEO, Portland, Maine-based Uprise Partners
While there are many security products that we use to reduce risk, proper education of users pays much better dividends to our customers.