I wrote recently about an attack on utility companies by crafting a clever email aimed at specific engineers. That could easily happen with software developers and IT pros, which is why I think it pays to be extra cautious when dealing with any communications that come from others. Whether emails appear to be from internal or external users, phishing is a real concern for those of us who have privileged access to systems, and it should continue to be a concern for the foreseeable future.
I ran across an article that talks about some of the defenses that you can implement. Certainly education is key, as one person noted in a comment on my previous article. They said their security department sends around pictures of phishing emails. That's a good idea, but the volume might be overwhelming in today's heavily probed environments. I think it would be easy for me to make a mistake after seeing too many examples, especially when I'm expecting some communication from someone and I get a phishing email on that topic. Still, making sure users with privileged accounts know this is a regular occurrence is a good idea.
I know in larger companies, there ought to be some group that knows about phishing issues in depth and centralizes information. Having a support channel (email, Slack, whatever) for people to contact when they have questions is a great idea. I know I do sometimes contact my IT group if I’ve gotten something that seems suspicious. Letting some central group manage reports and provide information also allows that group to help keep a list of sites that should be blocked more up to date. If someone is clicking through but there are blocks to prevent access to links, or even communication from trojans, this can mitigate some of the issues.
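One concrete piece of the blocking idea above is checking the links in an inbound message against the list a central security team maintains. The script below is an added example, not code from the original article: the blocklist entries and the sample message are constructed, and the matching rule (an entry covers itself and all of its subdomains) is an assumption about how such a list would be used.

```python
"""Flag links in an inbound message whose host is on a locally maintained
blocklist. Added example; the blocklist and the message are constructed."""
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed blocklist, the kind a central security group would keep current.
# Each entry is a hostname and is assumed to cover all of its subdomains too.
BLOCKLIST = {
    "bad-invoice-portal.example",
    "login-reset.example.net",
}

# Matches http(s) URLs up to the next whitespace, angle bracket or quote.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(text):
    """Return every http(s) URL in the text, in order, without duplicates."""
    seen = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # trailing punctuation is not part of the link
        if url not in seen:
            seen.append(url)
    return seen


def host_is_blocked(host, blocklist):
    """True when host equals a blocklist entry or is a subdomain of one."""
    host = host.lower().rstrip(".")
    for entry in blocklist:
        entry = entry.lower()
        if host == entry or host.endswith("." + entry):
            return True
    return False


def message_body(raw_message):
    """Collect the decoded text of every text/* part of an RFC 822 message."""
    msg = message_from_string(raw_message)
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def flag_links(raw_message, blocklist=BLOCKLIST):
    """Return the URLs in the message whose host is on the blocklist."""
    flagged = []
    for url in extract_urls(message_body(raw_message)):
        host = urlparse(url).hostname
        if host and host_is_blocked(host, blocklist):
            flagged.append(url)
    return flagged


# Constructed sample message; the addresses and links are placeholders.
SAMPLE_MESSAGE = """\
From: accounts@example.org
To: dba@example.org
Subject: Invoice attached
Content-Type: text/plain; charset="utf-8"

Please review the invoice at https://pay.bad-invoice-portal.example/inv/1234.
Our normal portal is still https://intranet.example.org/invoices.
"""

if __name__ == "__main__":
    for url in flag_links(SAMPLE_MESSAGE):
        print("blocked link:", url)
```

The check is deliberately on the hostname rather than the full URL, since a blocked site can hand out any number of distinct paths; the subdomain rule keeps one entry effective against throwaway hosts under the same domain.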
Perhaps the best idea, however, is to ensure that backups are taking place and that restores can be performed. We know this is critical for databases, but other types of data you use might be valuable as well. While I know that my Dropbox and OneDrive folders might get hit with ransomware, I also know my subscription allows me to restore older versions, which hopefully would be unencrypted.
Security is a constant battle, and the criminals continue to come up with new attack techniques, often with success. Ensure you remain vigilant, educated, and help others in your organization to do so as well.