Skip to main content

Three "E"s of Modern Email Security for Phishing: #3 Enterprise Visibility

June 30, 2014

In response to the persistent threat from phishing attempts, a three-pronged approach focusing on the “Three 'E's of Modern Email Security for Phishing” can be highly effective in reducing your organization’s attack surface. The first two "E"s are Enhanced technology and Employee focus. The third and final "E" of modern email security for phishing is Enterprise visibility.

While the primary vulnerability exploited in a phishing attack is people, all sorts of factors within the enterprise can contribute to greater risk. Understanding and correcting your vulnerabilities is critical.

Know Your Entry Points It is important to map out your vulnerabilities, regularly conduct a gap analysis, and aggressively test your systems to understand the entry points attackers can exploit. These entry points are constantly changing and evolving. For example, I was working with a company that merged with another organization that turned out to be wide open, without many security controls in place. This became a new entry point that wasn't being monitored, and the new, combined organization was hit with a phishing attack.

Enable Incident Response Capabilities When a phishing attack is identified, it is critical that your organization has a process in place for proper notification and issue handling. Incident response plans should be mapped out for different attacks – from employee reports, to executive and public notification. You cannot wait until an attack has occurred, you must be ahead of the game with a plan. Being prepared makes a huge difference in how an attack impacts your organization.

Operationalize Data from Attacks Every failed and successful attack should serve as a learning experience to your organization, and provide useful metrics and statistics. Use the data from attacks and incidents that were prevented to deliver insight into the return on your security investment by measuring impact and results. Use the data from successful attacks to understand the changes you need to make and how to prevent the exploit in the future.

By using the “Three 'E's of Modern Email Security for Phishing” to address phishing, you can effectively reduce the chance that users will open the door to risk and prevent these attacks from doing significant damage to your organization.


    James Robinson

By: James Robinson

Vice President, Third-Party Risk Management

See More

Related Blogs

November 25, 2014

'Tis the Season for Phishing

It’s that time of year again, the holiday season. A time filled with friends, family, good food, and celebration. But of course it has its downsides a...

See Details

June 25, 2014

Three "E"s of Modern Email Security for Phishing: #1 Enhanced Technology

Every day, over a billion emails are sent containing malicious links and attachments, tempting users to take the bait and effectively launch an attack...

See Details

June 26, 2014

Three "E"s of Modern Email Security for Phishing: #2 Employee Focus

The first "E" of modern email security for phishing is Enhanced technology that works to limit the delivery of phishing emails to users within your or...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

September 16, 2014

Phishing with Smitty: A Unique Tool for Solicitation Attacks

This post will introduce you to the Smitty SMTP utility, which is a fully featured email client. We use this tool as a means to effectively deliver em...

See Details

November 25, 2014

'Tis the Season for Phishing

It’s that time of year again, the holiday season. A time filled with friends, family, good food, and celebration. But of course it has its downsides a...

See Details

March 08, 2017

Be on Alert for Phishing Scams during Tax Season!

Once again tax season is upon us, and with it brings increased phishing attempts targeted at obtaining tax information from both for-profit and non-pr...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.