Fortune 50 global investment firm counters phishing threats with Menlo Security Phishing Isolation
The pain caused by phishing
Serving millions of customers worldwide, this investment banking leader goes to great lengths to protect its trillions of dollars in assets. As a high-profile target for cyber criminals, nearly every aspect of its infrastructure is under constant attack. Email phishing attacks, in particular, were proving to be an increasingly serious threat. This is no surprise.
Despite multiple security defense layers and many hours and dollars spent on end-user training, phishing continues to be one of the most effective attack vectors for cyber criminals. According to the 2016 Verizon Data Breach Report, on average, 30% of phishing messages are opened and nearly 12% went on to click on malicious attachments or links, despite extensive training. Gartner notes that the increasing volume and sophistication of phishing attacks are resulting in real financial damage to organizations in both downtime (such as “ransomware” attacks) and direct financial fraud (such as wire transfers) [1].
To combat email threats, the organization deployed multiple layers of security, each intended to address a specific part of the email security problem. Its architecture was similar to those of many other large enterprises, combining cloud and on-premises versions of anti-spam, anti-virus, data security, encryption, and sandboxing. Although these solutions are capable of defending against a broad variety of threats, they remain highly vulnerable to two of the most insidious attacks: spear phishing and drive-by malware exploits.
The spear phishing vulnerabilities stem from the fact that legacy email security solutions are largely based on reputation, that is, whether an email link is known to be “good” or “bad”. A link’s reputation is determined via third-party data feeds or internally by way of large-scale email traffic and data analysis.
In the case of spear phishing attacks, which target specific individuals within an organization, the email link is usually unique, as is the target user. Hence there is no third-party reputation data available, nor is there enough data to analyze internally to make an accurate determination. If the determination is incorrect, users are sent directly to a site where credentials can be stolen or malware can be downloaded to an endpoint. A single error can facilitate a pervasive attack that can cause billions of dollars of damage. This was precisely the pain the global investment firm was feeling.