Patrik Honegger has worked in the IT sector since the 1990s and has specialized in the IT security field since 2000. He joined Check Point in 2001. Since joining Check Point, he has been involved with the full array of company solutions and customer sectors and maintains a deep technological understanding of products and customers’ needs. Patrik has successfully fulfilled roles as Security Engineer, Lead Consultant and Head of Security & Systems Engineering in Switzerland. He is a member of the Office of the CTO, and holds various technical certifications. Prior to his role at Check Point, Patrik had multiple expert technology roles in local and global companies.

In this interview, Patrik Honegger shares coveted anti-phishing strategies that can advance your security infrastructure and architecture. Gain practical real-world insights to drive better outcomes and to fortify your security foundations.

What is the role of automation in preventing and defending against phishing threats?

A very high rate of automation is an absolute must when we are talking about the prevention of phishing threats. With an infinite number of phishing attempts, it is simply not practicable to do manual interactions, except for flagged attempts, if needed. So, with modern automation technologies, you can set your security standards bar high. This, by the way, does not only apply to phishing vectors; it is part of any state-of-the-art security architecture.

What metrics are most valuable for organizations when it comes to phishing?

We need to understand that phishing attacks can come from many different attack vectors. The most common ones are email, phishing sites, and text messages.

We could talk for instance about the click rates in your organization and other metrics, but I assume here that most organizations have already progressed through education programs and a good reporting culture from employees is hopefully already well established. Organizations must deploy automated anti-phishing solutions to protect employees and their own businesses against today’s extremely targeted phishing attacks.

Therefore, it is important to perform at least 4 steps:

  1. Reiterate cyber awareness and education to your employees.
  2. Prevent zero-phishing attacks on emails, endpoint devices and any other mobile devices.
  3. Activate threat emulation and extraction protections in your products.
  4. Leverage the advanced zero phishing capabilities of your products.

More details can be found in my December post here.

In relation to phishing, how can organizations cut through reporting noise?

Although you can have multiple layers of advanced protection, there is no such thing as 100 percent prevention. You need to automate as much as possible and own tools with advanced built-in technologies, intuitive consoles and reporting features. With simplified dashboards and enough insights, administrators can quickly cut through the noise, identify systematic email security risks and, if necessary, remediate them instantly.

With the right security tools, you can seek out advanced threats and eliminate them before they compromise your crown jewels.

I would look for at least 3 key components here:

  • Actionable analytics
  • Threat feed overview
  • Granular analysis and explanation

How can security professionals save time as they work to prevent/defend against phishers?

  • Ensure that your executive board fully supports your holistic view (security controls), and that all areas of threats are addressed, and are part of your prevention mindset!
  • Run the prevention approach and fully automate as much as possible, using standard and customized tools. Automation for timely remediation is a key factor in the prevention architecture nowadays.

Anything else that you wish to share with the CyberTalk.org audience?

Despite all technology components, education and awareness trainings for your employees will still be the first line of defense when it comes to phishing attempts. Trust your employees and educate them regularly.

For example, everyone at Check Point needs to pass a repetitive educational/awareness task about social engineering and phishing attempts. We now also offer awareness trainings directly to our customers.

Finally, as I already mentioned in other articles, information security is a never-ending journey. Your starting point might be well defined, but your arrival is delayed, meaning you need to reevaluate and enhance your security measures constantly.

For further phishing insights, please see CyberTalk.org’s past coverage.