Security experts have warned of a “step change” in the targeting of individuals with spear phishing emails next year, which will test IT security teams to the limit.
Stephen Bonner, former global head of information risk management at Barclays and now a partner in KPMG’s cyber security practice, told Infosecurity that attackers will use a “far more deeply personalized form of targeting” in the future.
“Historically there was hope that some of these attacks could be mitigated by staff taking a cautious and suspicious view of unsolicited attachments, but in the next year we will see that no level of caution will be effective if the normal business exchange of files is to continue,” he claimed.
“This means the challenge is on IT security teams to provide an environment where it is safe to open attachments and click on links rather than continue to attempt to educate business users to be careful. Education and awareness continue to be important but not around mitigation of very precise spear phishing attacks.”
He argued that firms need to consider several elements to mitigate the risk of attack.
These include fortifying email and web gateways, as well as desktops.
“Are macros, executable code in display documents and all file types actually required? Can content from the outside be cleaned before it is delivered? Can companies help push standards bodies to reduce unnecessary functionality in file types?” he said.
“Can desktops be hardened to reduce the risk of compromise if such content gets to the desktop and is opened? Can external content be processed in a sandbox that is thrown away? Can virtual desktops that are wiped and re-set to known good regularly be the right approach? Is it time for greater whitelisting in desktop environments?”
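One concrete form of the “can content from the outside be cleaned before it is delivered?” question, as an added example rather than anything from the article or from KPMG: a Python routine for a mail or web gateway that inspects an inbound Office Open XML attachment (.docx/.xlsx/.pptx and their macro-enabled variants) for a VBA project and rewrites the package without the macro, its content-type declaration and the relationship that links it in. The part names and content types it keys on are the standard OOXML ones; the package it builds for itself in `build_sample()` is a constructed, minimal stand-in for a real .docm, and the VBA blob inside it is a placeholder.

```python
"""Inspect an inbound Office Open XML attachment for embedded VBA and emit a
macro-free copy. Added example, not code from the article or from KPMG.
build_sample() produces a constructed, minimal stand-in for a real .docm."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Word, Excel and PowerPoint all keep compiled VBA in vbaProject.bin; Word also
# keeps vbaData.xml. VBA signatures share the same content-type prefix.
MACRO_PART_RE = re.compile(r"(^|/)(vbaProject\.bin|vbaData\.xml)$", re.IGNORECASE)
VBA_CONTENT_TYPE_PREFIX = "application/vnd.ms-office.vbaProject"


def find_macro_parts(package: bytes) -> list[str]:
    """Names of zip entries holding VBA, found by part name and by declared content type."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        names = z.namelist()
        hits = {n for n in names if MACRO_PART_RE.search(n)}
        if "[Content_Types].xml" in names:
            root = ET.fromstring(z.read("[Content_Types].xml"))
            for ov in root.iter(f"{{{CT_NS}}}Override"):
                if ov.get("ContentType", "").startswith(VBA_CONTENT_TYPE_PREFIX):
                    hits.add(ov.get("PartName", "").lstrip("/"))
    return sorted(hits)


def macro_references(package: bytes) -> list[str]:
    """'<rels file>:<target>' for every relationship that still points at a VBA part."""
    refs = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if MACRO_PART_RE.search(rel.get("Target", "")):
                    refs.append(f"{name}:{rel.get('Target')}")
    return sorted(refs)


def _drop_elements(xml_bytes: bytes, ns: str, attr: str, doomed: set[str]) -> bytes:
    """Remove child elements whose `attr` names a doomed part; keep the default namespace."""
    root = ET.fromstring(xml_bytes)
    for el in list(root):
        value = el.get(attr, "")
        if value.lstrip("/") in doomed or MACRO_PART_RE.search(value):
            root.remove(el)
    ET.register_namespace("", ns)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def strip_macros(package: bytes) -> tuple[bytes, list[str]]:
    """Copy the package without its VBA parts, their content-type overrides and relationships."""
    doomed = set(find_macro_parts(package))
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if name in doomed:
                continue  # the VBA project itself is not copied across
            data = src.read(name)
            if name == "[Content_Types].xml":
                data = _drop_elements(data, CT_NS, "PartName", doomed)
            elif name.endswith(".rels"):
                data = _drop_elements(data, REL_NS, "Target", doomed)
            dst.writestr(name, data)
    return out.getvalue(), sorted(doomed)


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal package; the VBA blob is a placeholder, not a real project."""
    overrides = ['<Override PartName="/word/document.xml" ContentType="application/vnd.'
                 'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
    rels = []
    parts = {"word/document.xml": b'<w:document xmlns:w="http://schemas.openxmlformats.org/'
                                   b'wordprocessingml/2006/main"><w:body/></w:document>'}
    if with_macro:
        overrides.append('<Override PartName="/word/vbaProject.bin" '
                         'ContentType="application/vnd.ms-office.vbaProject"/>')
        rels.append('<Relationship Id="rId9" Type="http://schemas.microsoft.com/office/2006/'
                    'relationships/vbaProject" Target="vbaProject.bin"/>')
        parts["word/vbaProject.bin"] = b"\xd0\xcf\x11\xe0 constructed placeholder"
    parts["[Content_Types].xml"] = (f'<Types xmlns="{CT_NS}"><Default Extension="xml" '
                                    'ContentType="application/xml"/>'
                                    + "".join(overrides) + "</Types>").encode()
    parts["word/_rels/document.xml.rels"] = (f'<Relationships xmlns="{REL_NS}">'
                                             + "".join(rels) + "</Relationships>").encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    suspect = build_sample(with_macro=True)
    print("macro parts:", find_macro_parts(suspect), "references:", macro_references(suspect))
    cleaned, removed = strip_macros(suspect)
    print("removed:", removed, "left:", find_macro_parts(cleaned), macro_references(cleaned))
```

Stripping rather than blocking is what keeps the “normal business exchange of files” going while removing the executable content. A production gateway would go further than this sketch: rewrite the main part's macro-enabled content type to the plain one and rename .docm to .docx so the file opens without complaint, handle the legacy OLE2 formats (.doc/.xls) with a different parser, and treat any package it cannot parse as suspect rather than pass it through.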
Firms also need to get better at spotting lateral movement inside their environments, he argued.
“Should office automation environments be entirely segregated from key business process systems? What can be done to identify compromised workstations and return them to a safe state while allowing investigations about what is being targeted in the environment?” Bonner added.
“How can the impact of a compromised account be reduced by limiting the data that is available?”
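Two of the questions above, spotting lateral movement and checking that office desktops stay segregated from other systems, reduce to detections over successful remote logons. The following is an added example, not code from the article or from KPMG: it reads constructed Windows-style logon records, flags any network or RDP logon from one office workstation to another (which a segregated environment should never show), and flags a source that reaches an unusual number of distinct hosts inside a short window. The log line format, the `WS-` naming convention for workstations, the allowlisted jump host, the ten-minute window and the threshold of five hosts are all assumptions for the example.

```python
"""Flag lateral-movement patterns in authentication logs. Added example, not
code from the article or from KPMG. The line format, the host-naming
convention, the allowlist and the thresholds are assumptions; SAMPLE_LOG is
constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
FANOUT_THRESHOLD = 5             # assumed: distinct hosts from one source within WINDOW
ALLOWED_SOURCES = {"JUMP-01"}    # assumed: hosts that legitimately reach many systems
WORKSTATION_PREFIX = "WS-"       # assumed naming convention for office desktops


@dataclass(frozen=True)
class Logon:
    when: datetime
    event_id: int      # 4624 = successful logon in the Windows Security log
    logon_type: int    # 3 = network (SMB/RPC), 10 = remote interactive (RDP)
    account: str
    source: str        # workstation that initiated the session
    target: str        # host that accepted it


@dataclass(frozen=True)
class Alert:
    kind: str          # "peer-logon" or "fan-out"
    source: str
    account: str
    detail: str        # peer target, or the number of distinct hosts reached


def parse_line(line: str) -> Logon:
    """Constructed format: '<iso-time> EventID=.. LogonType=.. Account=.. Source=.. Target=..'."""
    stamp, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Logon(datetime.fromisoformat(stamp), int(kv["EventID"]), int(kv["LogonType"]),
                 kv["Account"], kv["Source"], kv["Target"])


def detect(lines) -> list[Alert]:
    """Run both detections over successful remote logons in time order.

    peer-logon: a workstation accepted a network/RDP logon from another workstation.
    fan-out:    a non-allowlisted source reached FANOUT_THRESHOLD distinct hosts
                within WINDOW (raised once per source).
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.when)
    recent: dict[str, deque] = defaultdict(deque)   # source -> (when, target), oldest first
    already_reported = set()
    alerts = []
    for ev in events:
        if ev.event_id != 4624 or ev.logon_type not in (3, 10):
            continue  # failures and local/interactive logons are out of scope here
        if ev.source.startswith(WORKSTATION_PREFIX) and ev.target.startswith(WORKSTATION_PREFIX):
            alerts.append(Alert("peer-logon", ev.source, ev.account, ev.target))
        if ev.source in ALLOWED_SOURCES:
            continue
        q = recent[ev.source]
        q.append((ev.when, ev.target))
        while ev.when - q[0][0] > WINDOW:   # evict entries older than the window
            q.popleft()
        targets = {t for _, t in q}
        if len(targets) >= FANOUT_THRESHOLD and ev.source not in already_reported:
            already_reported.add(ev.source)
            alerts.append(Alert("fan-out", ev.source, ev.account, str(len(targets))))
    return alerts


# Constructed sample: normal user activity, an admin on the allowlisted jump host,
# and one workstation spraying logons across peers and servers within a few minutes.
SAMPLE_LOG = """\
2024-03-04T08:01:10 EventID=4624 LogonType=3 Account=jsmith Source=WS-017 Target=FILE-01
2024-03-04T08:03:41 EventID=4624 LogonType=3 Account=jsmith Source=WS-017 Target=MAIL-01
2024-03-04T09:00:00 EventID=4624 LogonType=10 Account=adm.ops Source=JUMP-01 Target=SRV-01
2024-03-04T09:00:40 EventID=4624 LogonType=10 Account=adm.ops Source=JUMP-01 Target=SRV-02
2024-03-04T09:01:15 EventID=4624 LogonType=10 Account=adm.ops Source=JUMP-01 Target=SRV-03
2024-03-04T09:02:05 EventID=4624 LogonType=10 Account=adm.ops Source=JUMP-01 Target=SRV-04
2024-03-04T09:02:50 EventID=4624 LogonType=10 Account=adm.ops Source=JUMP-01 Target=SRV-05
2024-03-04T13:10:02 EventID=4624 LogonType=3 Account=tlee Source=WS-042 Target=WS-051
2024-03-04T13:10:09 EventID=4624 LogonType=3 Account=tlee Source=WS-042 Target=FILE-02
2024-03-04T13:10:15 EventID=4624 LogonType=3 Account=tlee Source=WS-042 Target=WS-060
2024-03-04T13:10:20 EventID=4625 LogonType=3 Account=tlee Source=WS-042 Target=SRV-09
2024-03-04T13:11:02 EventID=4624 LogonType=3 Account=tlee Source=WS-042 Target=SRV-03
2024-03-04T13:12:30 EventID=4624 LogonType=3 Account=tlee Source=WS-042 Target=SRV-04
2024-03-04T13:13:05 EventID=4624 LogonType=3 Account=tlee Source=WS-042 Target=DB-01
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The peer-logon rule needs no threshold at all once the segregation decision has been taken: any workstation-to-workstation session is a policy violation and a candidate for isolating that host for investigation. The fan-out rule is where allowlisting matters, since jump hosts, scanners and backup servers legitimately touch many systems; keep that list short and reviewed, because a compromised allowlisted host is invisible to it.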