Phishing: Leading targets, breaking myths, and educating users

Vade Secure’s Adrien Gendre explains why the end user is an important link in the security chain.

More about cybersecurity

TechRepublic reporter Veronica Combs interviewed Adrien Gendre, chief solutions architect at Vade Secure, at RSA 2020 in San Francisco about email security threats. The following is an edited transcript of their conversation. 

Adrien Gendre: We are focusing on expertise in email security. What we are seeing right now, it’s threats being very challenging. There are a lot of randomizations in the content in order to break through rearguard defenses. We are seeing new trends, also, in terms of reusing past breaches to feed new scams and new threats with real information, so the click rate is much higher.

SEE: Phishing and spearphishing: An IT pro’s guide (free PDF) (TechRepublic)

And we are seeing phishing being threat number one, which leads to the human element here at this conference. And Microsoft being the biggest target of phishing here in order to target companies and MSPs [Managed Service Providers].

There is an industrialization of what they are doing. We’re seeing that more and more. What we are facing these days, it’s, for example, 1,000 phishing emails in a campaign, and it’s going to be 1,000 different emails.

In our strategy, for example, we have another layer now. Instead of scanning a code from the email or the webpage, now we scan the look and feel, the rendering, what it looks like. We use computer vision for that.

What we are facing it’s, for example, you are receiving a phishing email today. You report it to your security vendor and they block it, and the next day you are receiving the same. It looks the same to you, but it’s not the same in terms of code. Everything is different inside and that’s why we need to have a different approach. Instead of the code now, we look at the vision of the threat.

It’s the biggest target for phishing. The brand number one victim of phishing in the world, it’s head-to-head between PayPal. So we are seeing on the black market the value of Microsoft accounts being very, very high. That’s why they’re being targeted by phishers and because all the companies are moving to Office 365, we believe that’s also one of the main reasons why phishers are targeting that. And so we believe we need to rethink how the production is done with Office 365.

It’s a cloud product. It’s not in your company anymore. There is no border anymore for your security, and so it needs to be inside and have different approaches for the threat and the management.

There is no issue in explaining there is a threat, and so something needs to be in place. Customers are very open in that, actually. The challenge is more small companies believe they are not the target because phishers will target more big companies, for example. And it’s not true at all, and we have use cases. For example we are seeing MSPs [targeted], which can also be small companies, but being the target, because that’s the way to reach the end clients, which can be governmental agencies and etc. So, we’re seeing MSPs being more and more targeted, and we believe in more evangelization on that.

It’s happening, we’re seeing that and we’re helping that. But it’s moving from MSPs to MSSPs [Managed Security Services Providers]. They have the responsibility of expanding security to the small companies because we also need to secure small companies because at some point they are always connected with something that has an impact, and so interesting for the phishers.

SEE: How an IBM social engineer hacked two CBS reporters–and then revealed the tricks behind her phishing and spoofing attacks (free PDF) (TechRepublic)

The companies, the decision makers, but also the users. We are also going into that aspect, and we’re combining more and more in our strategy, the user and the technology.

We hear a lot that the main issue in IT is between the chair and the keyboard [the user]–that it’s the weakest element of the chain. But we actually don’t think like that at all. We have to have a modest approach about it as a security vendor. We believe when threats are breaking through all the layers of defenses, the one making the last decision, the last line of defense, it is the user.

So we are combining and creating an improvement loop, a continuous improvement loop between the user and the technology and going to the remediation in order to learn and improve the system continuously. The user is part of the chain. The user is helpful a lot to improve the technology. You know, what the technology misses, the user sees it. That’s as simple as that.

And so we need to hide part of the chain, and we need to strengthen the user in terms of awareness, so he’s more aware of identifying the threat and reporting the threat. We improve the technology.

Also see

20200229-rsa-gendre-veronica.jpg

Image: Mackenzie Burke

View original article here Source