At the recent FS-ISAC Fall Summit in Baltimore, Maryland, many attendees—whether banks, insurance companies, or other financial services institutions (FSIs), such as brokerages—expressed their concerns about phishing attacks.
But, really, they weren’t worried about phishing attacks themselves so much as the damage that a phishing attack can deliver. The reality is, while a phishing attack by itself is problematic and scary, it’s just an email. It’s what phishing emails deliver that is the real threat: web malware, credential theft, ransomware, and other malevolent payloads.
Continuous user training to identify, react to, and report phishing emails is helpful. However, studies have shown that, even if users are aware of the dangers lurking within emails from unknown senders, and the risks associated with clicking on unknown web links, they will still open those emails and click on those links nearly half of the time. Plus, with more readily available and in-depth social engineering to enhance phishing emails, the likelihood of users opening those emails and clicking on links or downloading attachments within them is greater than ever. That is, if they even remember their cybersecurity training.
And detection technologies are not foolproof. Cyber attackers are becoming more sophisticated in their “now you see me, now you don’t” game versus security tools, even developing ways to stymie the latest machine learning, algorithm-driven security tools and disguise their malicious intent in phishing attacks. Malware developers are coming up with new ways daily to circumvent standard detection technologies, with nearly 50 percent of new malware either able to hide from detection by standard anti-virus tools or considered new or zero-day threats.
Unfortunately, all it takes is for one phishing email to make it into users’ inboxes, and for only one user to forget their security training. That user opens an email from a phishing attack and clicks on a malicious web link, or enters their credentials in a fraudulent phishing website, or downloads a malware-laden attachment, even if the attachment appears to be from a trusted user they may even be emailing with. That is enough for an organization’s business, customers, hard-earned reputation, revenue, and even cash (due to regulatory fines, lawsuits, or settlements) to be lost.
At FS-ISAC, another question that was asked very often was, “What does Menlo do?”
Well, Menlo Security makes it safe to click.
What this means is, Menlo can protect users and their organizations from the threats and dangers lurking within phishing emails, even if a user inadvertently or absent-mindedly opens a phishing email and clicks on a web link, or downloads an attachment from that email.
During his talk and presentation with Menlo Security’s Chief Technical Officer, Kowsik Guruswamy, one of our banking customers, Karl Kemp, discussed in depth his journey and experiences with isolation. Mr. Kemp mentioned that Menlo Security’s isolation platform has decreased the need for re-imaging devices that had become infected by inadvertent or indiscriminate clicking on web links in emails, saving time, user productivity, and cost.
To learn more about how Menlo makes it safe to click, protecting users and banks, insurance companies, and other FSIs – and even their supply chains – from the threats associated with phishing, please review the Best Practices Guide to Isolation for Financial Services Institutions (FSIs).