Summary: Phishing has become one of the most favorite methods for hackers to get into any company’s network in order to break their security from the inside. There are many incidents of company important data being stolen just because one employee received a phishing email and clicked on the link provided in such an email. It can be a major threat for a company if they can’t protect their network from any potential phishing attacks. Cofense provides a security solution for companies to defend their organization against possible phishing attacks using the collective human intelligence.
Phishing is a type of cyber attack that enables hackers to steal important information like username and password from a susceptible person. Hackers will send phishing emails to their targets, masquerading as legitimate emails from some well-known organizations. Within the email message, there will be the link that leads to a fake website mimicking an original website owned by a legitimate company or organization. So, when the target clicked on the link, they will think that they are visiting a legitimate website, while in reality, they are visiting a fake website.
On such a fake website, the target will then enter their username and password thinking that they will be able to log in to their account as usual. But, this is where the hackers will start their attacks. Since the target has entered their username and password on the fake website owned by the hackers, such an important information has been transmitted to the hands of the hackers. This is how hackers got their way into someone’s account and steal the important information that they have.
Phishing attacks have become very common in companies and organizations. Hackers are getting creative in their way to lure their victims to click on the link on the phishing email, as well as enter their important credentials into their fake website. Unfortunately, there are still many employees that are susceptible to these phishing attacks because they have little knowledge about cyber security or the cyber security best practices. This is where Cofense appears into the scene. Cofense provides security solutions that help companies protect their organization from various phishing attacks, as well as mitigate the risks quickly when such attacks occur.
We have interviewed Tonia Dudley, Security Solutions Advisor at Cofense, to explain to us more about what Cofense is and how it can help companies in defending their organization from phishing attacks.
A Bit of Background Story about Cofense
As the protection system against phishing attacks becomes increasingly important for any company or organization, Cofense was built with this urgent need in mind. This company was founded in 2008, offering the suite of protection system for companies against the increasingly common phishing attacks that might cause a devastating data breach both for the organization and the customers.
However, the thing that is different about Cofense is that it offers a revolutionary strategy of preventing phishing attacks and mitigating the risks involved in such attacks by using the collective human intelligence. This is what makes this security solution to become the best in-class when it comes to dealing with possible phishing attacks in companies or organizations. It also has the system to stop the attacks intelligently whenever it occurs. So far, Cofense has served about 2,000 clients from around the world, and it has seen an increase in the number of their customers in recent years.
Tonia Dudley explained to us about the background history of Cofense,
“Founded in 2008, Cofense offers a collective defense suite that combines incident response technologies with timely attack intelligence sourced from employees to stop attacks in progress faster and stay ahead of breaches. Over the last 12 months, Cofense has accelerated its efforts to bring reliable, best-in-class phishing defense solutions to organizations across the globe, and as a result, the fourth quarter (2018) and first quarter (2019) were the two most successful in the company’s history. Cofense now has close to 2,000 clients in more than 150 countries, representing every major vertical from energy, financial, healthcare to manufacturing and high technology.”
The Most Common Challenges when Dealing with Online Phishing
With the advancement of internet technology comes also the sophistication of online phishing attacks. Hackers have lots of new tricks up their sleeves when it comes to choosing their targets for their online cyberattacks and how they can deliver the phishing emails so that it can reach the key people in the target organization. Phishing attacks have become even more challenging than before.
There are several factors that make it easier for hackers to succeed in their phishing attacks. For instance, when the company’s security infrastructure doesn’t provide any MFA (Multifactor Authentication) system for their company’s accounts, it can be an easy way for hackers to gain access to their company’s network using trusted credentials that they have stolen. Sometimes, companies don’t even have the MFA system in place for their IT staff or privileged users, which creates a big risk for data breach. Meanwhile, employees that don’t have any training in dealing with phishing attacks can also make it easier for hackers to target their company or organization.
Tonia explained about the most common challenges faced when dealing with phishing attacks,
“Threat actors are constantly adjusting their campaigns to bypass common technologies, and as the infrastructure perimeter extends to the cloud, organizations should consider multifactor authentication (MFA). This is especially critical for their IT staff that have privileged access. Once a threat actor gains their credentials, they then have access to the environment as a trusted user. Password managers and MFA aren’t easy to implement but can have a positive impact on protecting the organization. At a minimum, organizations should start with their privileged users, then higher risk business functions and finally the full organization. Phishing training is also key, and this is one type of scenario that should be used to training users to avoid giving up their credentials to a malicious threat actor.”
The Evolution of the Cyber Security Landscape and the Future of Cyber Security
While the threats around cyber security remain more or less the same today, the methods employed by hackers to steal the credentials of their victims have evolved over time. Back in the days, hackers might need to infiltrate the company’s internal network in order to obtain the credentials that they need, but nowadays, it is much simpler for them. As many companies have used cloud storage services for their business operations, hackers have turned their targets to the cloud as well.
Nowadays, what hackers are trying to do is to steal the credentials of their victims via the cloud services that they use. This way, they will be able to obtain the legitimate access to various connected services as well. This is what makes today’s cyber security even more challenging for security providers.
Tonia Dudley shared with us about how cyber security landscape has changed and what the future of cyber security may hold,
“As organizations continue to move to cloud services, we see threat actors going after cloud credentials. We are also seeing threat actors use popular cloud services like SharePoint, OneDrive, Windows.net, to host phishing kits. When the threat actor can obtain credentials, they are able to log into the hosted service as a legitimate user. Security teams don’t always have the same visibility to logs and infrastructure as they do when the infrastructure is hosted on premises.”
The Cofense Security Solution That is Designed Specifically for Cloud Infrastructure
Tonia Dudley shared about the information related to the Cofense security product that is designed specifically to protect against cyberattacks that are targeted toward cloud-based network system.
“With the availability and ease of use to sign-up for many cloud-hosted solutions, the security team can be blind to their exposure of data hosted off-premises. Cofense developed a free utility last year called Cofense Cloudseeker that allows the security team to gain visibility into the cloud services their organization is using.”
With various cloud-based solutions for companies or organizations to use, which can make their business operations a lot simpler and easier to manage, it also brings new threats to the organization’s security system. When their system is integrated with the cloud system, it means that any hacker that can obtain the cloud login credentials can infiltrate the company’s network from anywhere. It is a real threat that needs to be prevented as early as possible.
This is where the Cofense Cloudseeker comes into place. It is a security solution that companies can use for free in order to monitor the company’s cloud services in real time. This way, any unauthorized breach can be prevented by checking the login information using this handy security tool from Cofense.
What Makes Cofense Difference from the Other Cloud Security Solutions
Cofense provides the complete security solutions for companies that want to prevent any phishing attacks, as well as mitigate such attacks when it occurs. It uses the human intelligence technology that will help to identify any phishing attacks before it can cause any devastating data breach for the organization. It also provides various programs that help employees of the organization to become more aware of this type of cyber security threats.
Not only preventing phishing attacks, Cofense also helps to mitigate any risks associated with such attacks, ensuring that it won’t cause further damage to the company’s infrastructure and assets. So, not only it provides the necessary security tools for companies to protect their network from phishing attacks, it also provides knowledge-base and training programs for the employees to learn more about this type of cyberattacks.
As we wrapped up our interview, Tonia Dudley explained to us about how Cofense is different from any other similar online cloud security solutions,
“Cofense solutions focus on the phishing threat landscape, providing training that allows an organization to prepare its workforce to identify suspicious emails. We also provide a method to allow users to quickly and easily report a suspicious message to their security teams. Our Cofense Intelligence solution provides indicators of compromise, and a threat’s tactics, techniques and procedures to organizations to proactively mitigate a phishing threat. Included in this solution is a focus on credential phishing, alerting our customers to known phishing tactics targeting organization credentials.”