1. Take advantage of artificial intelligence (AI)
Find a solution that detects and blocks spear phishing attacks, including BEC and brand impersonation, that may not include malicious links or attachments. Machine learning tools can analyze communication patterns in an organization and spot anomalies that may be signs of an attack.
2. Don’t rely solely on traditional security
Traditional email security that relies on blacklists to detect spear phishing and brand impersonation may not protect against the zero-day links found in many attacks.
3. Deploy account-takeover protection
Find tools that use AI to recognize when accounts may have been compromised, to prevent further spear phishing attacks from originating from those accounts.
4. Implement DMARC authentication and reporting
DMARC authentication can help prevent domain spoofing and brand hijacking, which are common techniques used in impersonation attacks.
5. Use multi-factor authentication
Multi-factor authentication adds another layer of security over a simple username and password, and is an effective security measure.
6. Train staffers to recognize and report attacks
Identifying and reporting spear phishing attacks should be part of any security awareness training. Businesses can use phishing simulations for emails, voicemails, and text messages to train users to identify them as well. Businesses should also have procedures in place to confirm any monetary requests that come via email.
7. Conduct proactive investigations
Because spear phishing attacks are so personalized, employees may not always recognize or report them. Companies should conduct regular searches to detect emails with content known to be common among hackers, including subject lines related to password changes.
8. Maximize data-loss prevention
Combine technology solutions and business policies to ensure emails with confidential or sensitive information are blocked and do not leave the company.