Hackers use “spear phishing” to acquire usernames, passwords and credit-card details. They target specific individuals within an organization, using information available on sites such as Facebook, LinkedIn or Twitter, or stolen from an acquaintance of the target, to create messages that appear real.
The answer to the spear phishing scourge, says Eyal Benishti, founder and CEO of Israeli security startup Ironscales, is education and training. Ironscales has built an automated system to teach users how to spot a fake email and not click on a link that will lead to viruses.
It’s not an either/or situation—Israeli security powerhouse Check Point Software is not in danger of losing its cybersecurity business—but people-powered malware defense needs to become part of a complete solution, Benishti argues.
“Where traditional systems fail, employees can succeed. Our brain is the best anti-fraud system that exists inside of any organization.” Benishti claims that companies whose employees have gone through Ironscales training can see up to a 90 percent reduction in the click rate on fraudulent links.
Spear phishing is different from traditional phishing, where the hacker doesn’t care what he gets as long as it is usable. Of the estimated $70 billion spent annually on IT security, nearly all goes to traditional defenses like firewalls, blacklists, anti-virus, anti-spam and security gateways. But they are mostly defenseless against spear phishing.
To counter this phenomenon, Ironscales sends fake emails to company employees; no two employees receive the same emails at the same time. If a recipient suspects a hoax and does nothing, Ironscales delivers increasingly sophisticated messages trying to get the employee to click. Anyone who finally falls for the ploy gets redirected to an informational screen with a short interactive tutorial.
Benishti calls the most vigilant employees—those who never fall victim to an attack—“Iron Traps.”
If an Iron Trap presses the big red “Report Phishing Attack” button at the top of his email client, that email will be eliminated from all computers company-wide. If two employees with a high ranking, but who are not yet Iron Traps, both report an email, it also will be trashed.
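The reporting rule described in the two paragraphs above, as an added Python sketch that is not Ironscales’ code: an employee who has never clicked a simulated lure counts as an Iron Trap, one Iron Trap report (or two high-ranking reports) pulls the message from every mailbox. The numeric thresholds for Iron Trap and high-ranking status are assumptions, since the article gives none.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the article): how many simulations an employee
# must have survived to count as an "Iron Trap", and how many correct reports
# earn a "high ranking".
MIN_SIMULATIONS = 3
HIGH_RANK_REPORTS = 2


@dataclass
class Employee:
    """Per-employee record from the phishing-simulation programme."""
    name: str
    simulations_seen: int = 0
    simulations_clicked: int = 0   # fell for a simulated lure
    correct_reports: int = 0       # reported a simulated lure as phishing

    @property
    def is_iron_trap(self) -> bool:
        # Never clicked a simulated lure, after seeing enough of them to mean it
        return self.simulations_seen >= MIN_SIMULATIONS and self.simulations_clicked == 0

    @property
    def is_high_ranking(self) -> bool:
        # Good reporting record but not (yet) an Iron Trap
        return not self.is_iron_trap and self.correct_reports >= HIGH_RANK_REPORTS


def should_quarantine(reporters: list[Employee]) -> bool:
    """Quorum rule from the article: one Iron Trap report, or two high-ranking
    reports, is enough to pull the message from every mailbox."""
    if any(e.is_iron_trap for e in reporters):
        return True
    return sum(1 for e in reporters if e.is_high_ranking) >= 2


def quarantine_from_all(mailboxes: dict[str, list[str]], message_id: str) -> int:
    """Remove message_id from every mailbox; return how many copies were pulled."""
    removed = 0
    for msgs in mailboxes.values():
        before = len(msgs)
        msgs[:] = [m for m in msgs if m != message_id]
        removed += before - len(msgs)
    return removed


def handle_reports(mailboxes: dict[str, list[str]], message_id: str, reporters: list[Employee]) -> int:
    """Apply the quorum; return copies removed (0 if the quorum is not met)."""
    if not should_quarantine(reporters):
        return 0
    return quarantine_from_all(mailboxes, message_id)
```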
Everything is tracked through a centralized dashboard in the IT department, and employees are notified that a program will be starting (and can opt out). Ironscales runs as SaaS (software as a service), meaning it’s operated remotely and nothing has to be installed by the company.
Benishti suggests that if Sony had the Ironscales system in place, and a vigilant Iron Trap had spotted an initial phishing attack, the company’s debilitating 2014 data leak might have been prevented.
Ironscales was founded in 2013, launched the following year, and currently has 10 paying companies in Israel in the banking, telecom, insurance and capital market sectors. An online gaming company in the UK is an Ironscales customer, and the company is now signing up its first U.S. customers.
Pricing is based on an annual license that starts at $15 per user but goes down as volume goes up. Remarkably, Ironscales has never taken any outside investment, and Benishti says his three-person company is profitable.
Note: An earlier version of this article stated that PhishMe, a competitor to Ironscales, does not have Ironscales’ “mitigation button” feature. This is not true—both companies have this feature.
(via Israel21c)
[Photo: Jason Brainard / YouTube]