According to the Federal Bureau of Investigation, phishing scams are on the rise – and such cyberattacks are only getting more sophisticated. This form of social engineering, where bad actors impersonate clients, colleagues, or other reputable entities, too often results in employees revealing sensitive information, installing malware, or providing attackers entry to a company’s network. When a busy employee of this international development foundation in Palo Alto received a legitimate looking email asking for his login credentials, he entered his username and password without question. Moments later, distracted by other work, he automatically approved the multi-factor authentication request on his smartphone. In doing so, he inadvertently gave a bad actor direct access to his email account.
The foundation engaged Xantrion earlier last year to provide information technology services, including managed security services. As part of their 24/7 security monitoring program, Xantrion employs behavioral analytics that automatically detect logins from suspicious locations or devices. Since the bad actor logged in to the employee account from overseas, Xantrion received an alarm regarding the login and locked the employee’s account and scrambled the password within minutes.
Xantrion prides itself on having close personal relationships with its clients. Those relationships play as pivotal of a role as the technology in identifying and remediating cyberattacks with limited disruptions. For example, after noting the suspicious activity and taking initial protective steps, the Xantrion team got in touch with the employee to fully assess the situation. As the foundation does international work, there was a possibility the login was legitimate. After speaking with the employee, however, the team confirmed he had been the victim of a phishing attack. Xantrion rapidly deployed forensic tools to uncover what data had been accessed, whether any files had been downloaded, and or if the bad actor had sent any emails from the employee’s account.
Fortunately, Xantrion soon validated that the actor had not been able to access anything but the employee’s mailbox. With that knowledge in hand, they quickly remediated the compromise and restored email access to the employee the same day.
Thanks to its close client relationships and 24/7 security monitoring and automatic detection capabilities, Xantrion was able to respond to the security incident at the foundation within minutes and re-secure their email system within hours. As a result, the foundation avoided the reputational damage and millions in financial losses that typically accompany successful phishing attacks. Instead, incident impact was limited to a single employee not having access to email for several hours.
To prevent phishing incidents in the first place, Xantrion also provides security awareness training for the foundation. This training includes sending faux phishing emails to employees on a recurring basis. If an employee is fooled by a training email, they are then asked to complete additional training to help them better discern when an email is not legitimate and prevent potential breaches in the future.