Patrik Honegger has worked in the IT sector since the 1990’s and has specialized in the IT security field since 2000. He joined Check Point in 2001. Since joining Check Point, he has been involved with the full array of company solutions and customer sectors and maintains a deep technological understanding of products and customers’ needs. Patrik has successfully fulfilled roles as Security Engineer, Lead Consultant and Head of Security & Systems Engineering in Switzerland. He is a member of the Office of the CTO, and holds various technical certifications. Prior to his role at Check Point, Patrik had multiple expert technology roles in local and global companies.
In this interview, Patrik Honegger shares dynamic phishing strategies that can advance your security infrastructure and architecture. Gain practicable real-world insights to drive better outcomes and to strengthen your security foundations.
What is the role of automation in preventing and defending against phishing threats?
A very high rate of automation is an absolute must when it comes to the prevention of phishing threats. With an infinite number of phishing attempts, it is simply not practicable to do manual interactions; only for flagged attempts if needed. So, with modern automation technologies you can set your security standards bar high. This, by the way, does not only apply for phishing vectors, it is part of any state-of-the-art security architecture.
For organizations, what metrics are most valuable in relation to phishing?
We need to understand that phishing attacks can come from many different attack vectors. The most common ones are email, phishing sites, and text messages.
For instance, we could talk about the click rates in your organization and other metrics, but I assume here that most organizations have already progressed through education programs and a good reporting culture with employees is hopefully already well-established. Organizations must deploy automated anti-phishing solutions to protect employees and their businesses against today’s extremely targeted phishing attacks.
In so doing, it is important to go through the following four steps:
- Reiterate cyber awareness and education to your employees.
- Prevent zero-phishing attacks on emails, endpoint devices and any other mobile devices.
- Activate threat emulation and extraction protections in your products.
- Leverage the advanced zero phishing capabilities of your products.
How can organizations cut through phishing reporting noise?
Although you can have multiple layers of advanced protection, there is no such thing as 100 percent prevention. You need to automate as much as possible and own tools with advanced built-in technologies, intuitive consoles and reporting features. With simplified dashboards and enough insights, administrators can quickly cut through the noise, identify systematic email security risks and if necessary, remediate them instantly.
I would look for at least 3 key components here:
- Actionable analytics
- Thread feed overview
- Granular analysis and explanation
With the right security tools, you can seek out advanced threats and eliminate them before they compromise your crown jewels.
How can security professionals save time as they work to prevent/defend against phishers?
- Ensure that your executive board fully supports your holistic view (security controls), and that all areas of threats are addressed, and are part of your prevention mindset.
- Run the prevention approach and fully automate as much as possible, using standard and customized tools. Automation for timely remediation is a key factor in the prevention architecture nowadays.
Anything else that you wish to share with the CyberTalk.org audience?
Despite all technology components, your employees will still be the first line of defense when it comes to phishing attempts. Trust your employees and educate them regularly.
For example, everyone at Check Point needs to pass a repetitive educational/awareness task about social engineering and phishing attempts. We now also offer awareness trainings directly to our customers.
Finally, as I already mentioned in other articles, information security is a never-ending journey. Your starting point might be well defined, but your arrival is delayed, meaning you need to reevaluate and enhance your security measures constantly.
For further phishing insights, please see CyberTalk.org’s past coverage. Lastly, to receive more timely cyber security news, top-tier reports and cutting-edge analyses, please sign up for the cybertalk.org newsletter.