Be Phishing-Resistant

How to protect yourself from malicious cyberattacks.

Author: Brian Dagan
Senior IT Security Consultant, FSi Strategies

Phishing is one of the most common and effective cyber threats facing businesses today. These attacks usually take the form of an email that appears to be from a familiar source and coaxes the target to download a file or click a link that steals their data. According to a 2023 Cloudflare report, it’s estimated that 90% of successful cyberattacks start with e-mail phishing. The results range from a loss of confidential business information and/or employees’ personal data to financial hardship (often inflicted via social engineering leading to ransomware) and reputational damage, often in very short order. A 2023 Secureworks report shows us this frightening modern reality: the time between an attacker gaining a foothold in your environment and the deployment of ransomware has fallen to around 24 hours, and for 10% of incidents, as little as five hours!

At FSi, we can help your organization deploy robust security controls to combat these attacks, such as phishing-resistant MFA (multi-factor authentication) with Microsoft Authenticator, automatic detection & remediation of suspected account compromises, link and attachment scanning, and more—but much of this should be considered basic security hygiene in today’s world. Amidst the complexities of implementing and maintaining this secure baseline, we can often overlook the fundamental human element.

Your employees are often the last line of defense against sophisticated phishing attacks that manage to evade even the most modern scanning and filtering engines. That’s where user education comes in. Using Microsoft Defender for Office 365’s attack simulation training deployed by FSi, we’ll help you configure and run safe, repeatable, and realistic phishing simulations in your organization. We’ll provide the metrics and insights necessary to identify your most vulnerable individuals and departments, and institute automatic, mandatory, targeted user training. That training is selected from an ever-growing catalog of best-in-class training modules from Microsoft and is specific to the attack technique employed during the phishing simulation.

An added benefit of FSi’s phishing simulation & training offering is that it builds good habits. When your users get used to reporting phishing simulations with the Report Message button in Outlook (metrics on “who spotted the phish” are available), the knock-on effect is an increased likelihood that they will report real phishing e-mails that squeaked by existing defenses. For targeted phishing (spear phishing) campaigns against one or a small handful of employees, this can be a lifesaver: Microsoft will automatically re-scan the message, search for other targeted users and automatically purge the malicious message from their mailboxes. If they did click links or open attachments in the phish, this helps prioritize the incident investigation and remediation activities in Microsoft Defender.

At FSi, we believe that user education is only a piece of the security puzzle. Having the right protection, detection, and response tools in place is crucial, and with our extensive experience in implementing Microsoft’s fully integrated, industry-leading security solutions, you can count on FSi to be your trusted partner in improving your organization’s security posture.

Contact us today to learn more about how we can help protect you and your organization from phishing and other cyberattacks.