Kevin Mandia: Detect Spear Phishing, Lock Down CEO Email To Stay Safe

Spear phishing remains the most common way for adversaries to compromise organizations, and businesses need a technology or two that are exceptional at detecting it, says FireEye CEO Kevin Mandia.


Solution providers should invest in spear phishing detection and reducing their customer’s footprint on the internet to keep clients safe, according to FireEye CEO Kevin Mandia.

Spear phishing remains the most common way for adversaries to compromise organizations, Mandia said, with the threat actor creating a targeted message that dupes the person of interest into opening a dangerous attachment or clicking on a malicious link in an email.

“You can train people all day long, but ultimately, you’ll want to have a technology or two that are exceptional at detecting spear phishing,” Mandia said Monday at the 2019 Best of Breed (BoB) Conference, hosted by CRN parent The Channel Company.


The best attackers in the world are usually focused on the most influential 5,000 people in the world, Mandia said, which could include elected officials, corporate executives, and other wealthy individuals. Well-connected people are also typically at greater risk of a mobile attack when in close physical proximity to an adversary, depending on the Bluetooth protocols in use and how the device is configured.

“When the best attackers on the planet are targeting certain companies and people, they have the advantage,” Mandia said.

One nice, clean way executives can avoid getting spear phished, Mandia said, is by regularly clearing email on their iOS device. Another precautionary step Mandia recommended is locking down CEO email so that it can only be viewed on a specific device and nowhere else.

Apple’s iOS allows for the most control since it’s a closed ecosystem, Mandia said, while the Windows OS has gotten a whole lot better, with the latest version being good from a control standpoint. For users who can’t help clicking on links and attachments, Mandia said it’s best to do so on a device like an iPad.

“The way you get compromised is that you hack yourself by accident, clicking on a link or opening an attachment thinking it’s from somebody that it’s not,” Mandia said. “What do I recommend? Shut the front door with a small internet presence and detect spear phishing.”

Meanwhile, Mandia said the second most frequent way attackers break into a network is by having valid credentials in the first place. User accounts and passphrases from previous compromises of public service providers like LinkedIn have been disseminated, and if the same user ID-password combination is still being used for other accounts, Mandia said the adversary will try to get in.

Adversaries can also get their hands on valid credentials should a supply chain get compromised since the typical business works with between 50 and 100 other businesses, Mandia said. And if any one of those third parties gets compromised and has a valid credential to the organization’s network, Mandia said the company could find itself in trouble.

“If you can be compromised, you will be compromised,” Mandia said. “And if someone can make money off that compromise, they’ll try to monetize it.”

High Touch Technologies is interested in partnering with vendors like FireEye to build out a security operations practice that helps clients avoid becoming the next victim of a high-profile breach, according to senior vice president and CIO Kevin Colborn.

The Wichita, Kansas-based solution provider works with a local unit of the Air National Guard that conducts ‘red team’ adversarial threat simulation exercises, and Colborn believes there are opportunities to extend these exercises to High Touch’s civilian customers. Simulations that incorporate social hacking to trap or manipulate customers could be a particularly good fit, according to Colborn.

“There’s a lot of sketchy actors out there,” Colborn said. “We need to ensure customers are doing their due diligence.”