Roger Grimes explains “Why phishing attacks are nastier than ever.” Here are they key reasons why many infosec professionals consider spearphishing emails the number one attack vector:
- The attack is handcrafted by professional criminals
- The attack appears to be sent by someone you know
- The attack includes a project you are working on
- Your attacker has been monitoring your company’s email
- Your attacker can intercept and change emails as needed
- Your attacker uses custom or built-in tools to subvert antivirus software
- Your attacker uses military-grade encryption to tunnel your data home
- Your attacker covers their (sic) tracks
- Your attacker has been in your environment for years
- Your attacker is not afraid of being caught
Roger does have some good administrative process recommendations. I would also recommend a couple of advanced technical controls.