Why Spear-Phishing Attacks Need Constant Cybersecurity


A finely tuned ‘spear phish’ is almost impossible to defend against, but the need for human oversight in cybsecurity is essential.

Most cybersecurity executives understand that one of their greatest vulnerabilities is their workforce. Insider threats or rogue employees who have valid credentials can do great harm to a company. But there is an even greater and more likely threat that hackers have turned to – phishing and its more advanced sibling, spear phishing. Increasingly we are seeing nation-state hackers, especially from Russia, moving on from these widespread phishing campaigns to targeted spear phishing attacks, in which an email is from what appears to be a trusted person is used to gain access to confidential information.

If a hacker gains valid credentials to a company’s network through these methods, for all intents and purposes, he is now an employee with the means and intent to do harm. Think about this for a moment. This is the very definition of an insider threat. From the perspective of the security team, there is almost no difference in detecting and responding to an insider specifically from the workforce and a hacker from anywhere in the world who is in possession of a valid username and password.

A recent report from the Anti-Phishing Working Group noted that there was a 250 percent spike in phishing activity between October 2015 and March 2016. Social engineering is playing a big role in this increase, with end users practically handing hackers the keys to their kingdoms.

Why spear-phishing is so insidious

Although real-time analytics can leverage information from Domain Reputation Systems and Real-Time Blacklists to make us more effective at identifying and blocking phishing attempts, a finely tuned ‘spear phish’ is almost impossible to defend against and remains a common and effective attack vector.

In the early days, criminals would steal mail, search through trashcans, even approach friends and colleagues in order to gain access to information and then build a picture that would enable them build a credible phish. Today we make it so much easier for them. Social media not only provides hackers a huge amount of detail about our families, our work lives and our social lives, but emotive and prolonged campaigns like elections also give them a detailed picture of our values and belief systems.

Moreover, employees often fail to be careful and react emotionally on personal social channels, failing to realize this can bleed into attacks on their business accounts. They are painting a picture of their prejudices, failings and weaknesses, which provides hackers with ammunition and a clear window to attack through spear phishing. It is vital for organizations to continue to implement the training and awareness programs that traditionally prepare employees for these attacks, and emphasize that what they share online in their personal lives can affect the business.

But if this new threat landscape has taught us anything, it is that organizations must be at the ready when the attacks inevitably take place. Since we cannot stop every employee from sharing too many details online, organizations must be able to detect anomalies within their environment by understanding what normal looks like on their specific environment so that they can identify anything out of the ordinary. Zero-trust, role-based security programs make this easier, but so many companies are still a long way off from meeting all their security needs.

Cybersecurity: How much can you afford?

Organizations are getting more effective at mitigating risk by using an active defense approach with a team to monitor, detect and respond to threats in real-time. This often takes the shape of a Security Operations Center (SOC), which is tasked with the sole mission of keeping all systems secure, 24x7x365. While this team can’t prevent all employees from clicking on a link in a phishing or spear phishing email, an advanced SOC will actively be searching for anything on the network that looks unusual – hunting at a level of detail that tools cannot achieve and rapidly detecting and responding to the hacker before critical damage can be done.

However, it costs between $3 million to $5 million to build a SOC, and then $2 to $3 million per year to keep in running. While this is expensive, the need for human oversight in security is essential. Even the best tools can’t completely protect you with some proactive hunting and tracking. Because of the constraints, companies can consider turning to a third party to assist with around the clock security support, whether in the public cloud, private cloud or on your own databases.

The bottom line is this: Hackers will get in. It’s how well prepared you are to find them, minimize their reach into your environment and remove them that truly minimizes the risk to your organization. An active defense approach is your best bet today, and managed security services in the cloud is one effective and cost-wise way to get there.

More on this topic:


Daniel Clayton

About Daniel Clayton

Daniel Clayton is director of operations for Rackspace Managed Security.

Leave a Reply

Your email address will not be published. Required fields are marked *