The UK National Cyber Security Centre (NCSC) has issued cyber security guidance for industry, outlining a multi-layered approach that can improve resilience against phishing whilst minimising disruption to user productivity. Typical defences against phishing rely on users’ ability to detect phishing emails.
However, by widening your defences, you can improve your resilience against phishing without disrupting the productivity of your users. You’ll also have multiple opportunities to detect a phishing attack and stop it before it causes harm to your organisation. Accepting that some phishing emails will get through helps you plan for the day when an attack succeeds, and minimise the damage it causes.
This guidance splits the mitigations into four layers on which an organisation can build its defences:
- Make it difficult for attackers to reach your users
  –> Don’t let your email addresses be a resource for attackers
  –> Reduce the information available to attackers
  –> Filter or block incoming phishing emails
- Help users identify and report suspected phishing emails
  –> Carefully consider your approach to phishing training
  –> Make it easier for your users to recognise fraudulent requests
  –> Create an environment which empowers users to seek help
- Protect your organisation from the effects of undetected phishing emails
  –> Protect your devices from malware
  –> Protect your users from malicious websites
  –> Protect your accounts with effective authentication and authorisation
- Respond quickly to incidents
  –> Detect incidents quickly
  –> Have an incident response plan
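To make the first layer concrete, the following is an added example (not code from the NCSC guidance or from this page) of the kind of rule set an inbound mail filter applies when it "filters or blocks incoming phishing emails". It reads the SPF, DKIM and DMARC verdicts that a receiving mail server records in the Authentication-Results header (RFC 8601), checks whether a message claiming to come from the organisation's own domain actually passed DMARC, and looks for display names that borrow the organisation's domain while the real sender is elsewhere. The domain `example.org`, the three sample messages, the reason names and the deliver/tag/quarantine thresholds are all constructed for this example.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Domains the (hypothetical) organisation itself sends mail from.
OWN_DOMAINS = {"example.org"}

# Matches "spf=pass", "dkim=fail", "dmarc=none" inside an Authentication-Results header.
AUTH_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)

# Reasons that on their own justify quarantining rather than merely tagging.
HARD_REASONS = {"dmarc_fail", "own_domain_without_dmarc_pass", "display_name_impersonation"}


def parse_authentication_results(msg: Message) -> dict:
    """Collect the SPF/DKIM/DMARC verdicts the receiving server recorded in
    Authentication-Results headers (RFC 8601). Methods not mentioned are 'none'."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RESULT_RE.findall(header):
            verdicts[method.lower()] = verdict.lower()
    return verdicts


def from_parts(msg: Message) -> tuple[str, str]:
    """Return (display_name, domain) from the From header, both lower-cased."""
    name, addr = parseaddr(msg.get("From", ""))
    return name.lower(), addr.rpartition("@")[2].lower()


def find_reasons(msg: Message) -> list[str]:
    """Apply the filter rules to one parsed message; return the reasons that fired."""
    auth = parse_authentication_results(msg)
    name, domain = from_parts(msg)
    reasons = []
    if auth["dmarc"] == "fail":
        reasons.append("dmarc_fail")
    # Mail claiming to be from our own domain must prove it via DMARC.
    if domain in OWN_DOMAINS and auth["dmarc"] != "pass":
        reasons.append("own_domain_without_dmarc_pass")
    # External sender whose display name borrows one of our domain names.
    if domain not in OWN_DOMAINS and any(own in name for own in OWN_DOMAINS):
        reasons.append("display_name_impersonation")
    # External mail with no authentication at all is suspicious but not conclusive.
    if domain not in OWN_DOMAINS and auth["spf"] != "pass" and auth["dkim"] != "pass":
        reasons.append("external_unauthenticated")
    return reasons


def classify(raw_message: str) -> tuple[str, list[str]]:
    """Return (action, reasons); action is 'deliver', 'tag' or 'quarantine'."""
    reasons = find_reasons(message_from_string(raw_message))
    if any(r in HARD_REASONS for r in reasons):
        return "quarantine", reasons
    if reasons:
        return "tag", reasons
    return "deliver", reasons


# Constructed sample messages. The Authentication-Results header is what the
# receiving server (here the hypothetical mx.example.org) adds after its checks.
LEGIT_INTERNAL = """\
From: HR Team <hr@example.org>
To: staff@example.org
Subject: Holiday calendar
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org

The updated calendar is attached.
"""

DISPLAY_NAME_SPOOF = """\
From: "example.org IT Helpdesk" <alerts@mail-example.net>
To: staff@example.org
Subject: Password expiry notice
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail-example.net; dkim=pass header.d=mail-example.net; dmarc=none header.from=mail-example.net

Your password expires today.
"""

UNAUTHENTICATED_EXTERNAL = """\
From: Newsletter <news@some-vendor.test>
To: staff@example.org
Subject: Monthly update
Authentication-Results: mx.example.org; spf=none smtp.mailfrom=some-vendor.test; dkim=none; dmarc=none header.from=some-vendor.test

Read our latest news.
"""

if __name__ == "__main__":
    for label, sample in [("legit", LEGIT_INTERNAL), ("spoof", DISPLAY_NAME_SPOOF),
                          ("external", UNAUTHENTICATED_EXTERNAL)]:
        action, reasons = classify(sample)
        print(f"{label}: {action} {reasons}")
```

The three-way outcome mirrors the guidance's layered thinking: a message that fails the organisation's own DMARC policy or impersonates its domain is held back before it reaches a user, while an unauthenticated external sender is only tagged, so the later layers (user reporting, device and account protection) still get their chance without the filter blocking legitimate but poorly configured senders.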
Some of the suggested mitigations may not be feasible in the context of your organisation. If you can’t implement all of them, try to address at least some of the mitigations within each layer; you’ll then be in a much better position to defend against phishing attacks.