Employee Insights: The Skills Needed To Analyze Phishing Campaigns

Threat Hunting Solution

Phishing Campaigns Are No Match For Analysts With These Skills

Phishing campaigns are all too common these days. A look back at 2020 showed that 75% of companies globally suffered from an attack. In the United States, 74% of attacks were successful, a 14% increase from 2019, proving bad actors are getting smarter and using more sophisticated attacks. When global security leaders were asked about the consequences of an attack, 60% reported a data loss, 52% had accounts or credentials compromised, 47% became infected with ransomware, and 18% suffered a financial loss.

When it comes to the financial impact of a phishing attack, RiskIQ puts costs at $17,700 per minute on average. According to IBM’s 2021 report, Business Email Compromise (BEC), a specific type of phishing attack, costs companies an average of $5.01 million.

Given the seriousness, severity, and frequency of phishing campaigns, it’s imperative to have the right team in place – a team of analysts that can identify and mitigate any attack. So, what skills and abilities should analysts have to properly analyze phishing campaigns?

The Expert Email Analyst

With 96% of all phishing attacks delivered through emails, companies need to have at least one analyst who is well-versed in every technical aspect of emails. Deception can be worked into an element of a phishing email, so being able to quickly and effectively determine legitimate versus fake content is paramount.

The security data analyst must be able to decipher the information in an email header. By performing header analysis, this employee can identify critical tracking information including time-stamps, IP addresses, email clients, and the various mail server paths the email took before landing in an inbox. This person should also be able to set up a secure SMTP with an SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption protocol.

Your analyst will need to possess the necessary skills to investigate each link and attachment contained in the email. They should know how to perform this kind of investigation in an isolated environment. By following the trail, they can determine the path recipients are directed down and analyze websites to determine if they are malicious. With email-based phishing campaigns, attachments including Windows executables, script files, Office documents, PDFs, and many more, can contain malware, so familiarity with all file types is necessary.

Big Data Analysis & Automation Skills

Even after thoroughly inspecting every element of a potential phishing email, the work is hardly over. Every company needs to have an analyst that can take the investigation to the next level. That entails searching through the entire organization, determining which employees may have improperly engaged with the email, and understanding if the campaign has spread to other places in the business.

The analyst must be comfortable working with different IT security systems so they can perform in-depth research across logs, networks, and devices. Manually going through this process will be cumbersome and arduous, so if your analyst has automation skills, they can automate the process. When every minute counts and the cost of an attack can quickly skyrocket, automation saves precious moments. If an attack is already underway, a cyber data analyst must use forensic and automation tools to analyze the scope of the intrusion. Their big data analysis skills will come into play as they gather evidence and evaluate historical and present data.

It Takes Two (Analysts)

Small and medium-sized companies might not have the ability to employ a large security team, but with the prevalence of phishing scams and the high cost of the damage they can create, this is not an area where you should skimp and save. When looking to hire, keep in mind that if budget is a concern, your objective should be to employ a minimum of two analysts. One security analyst should be responsible for investigating the small details. The other should focus on seeing the bigger picture.

In an ideal situation, your business would have both a Digital Forensic and Incident Response (DFIR) and a monitoring team to work together and provide proactive and reactive security. That’s how we approach cyber security at CYREBRO. Our two teams work side-by-side, keeping watch over organizations’ complete environment to identify any potential system intrusions -phishing or otherwise – and respond quickly to mitigate the impact of an attack should one occur. Although not every cyber company approaches security the same way we do, we’ve found that this combination provides the best defense

Sign Up for Updates