Building a Strong Phishing Defense

One of the most prevalent vulnerabilities that we exploit to get into clients' are phishing campaigns.

We aren't the only ones phishing corporate networks either, with 66% of organizations experiencing phishing attempts in 2020, according to ProofPoint’s 2021 State of the Phish Report. Despite training and awareness campaigns educating users about phishing threats, these attacks are still one of the most tried and true methods employed by threat actors for a simple reason… they work. Which brings us to one of the most common questions our team encounters.

Outside of mock phishing and awareness campaigns, what are other strategies and tactics that are available to reduce their vulnerability to phishing attacks?

Increased Email Filter and Security

Many of our clients are currently using Microsoft's Office 365 as their email exchange service. Office 365 is a great service, after all it has some incredible team collaboration tools that are just hard to beat. However, Microsoft’s E5 security services for Office 365 leaves a lot to be desired. This is worrying considering that 94% of attacks on organization start with email. Another worrying statistic that was brought up in a recent Mimecast webinar is that 28% of emails delivered after being scanned by Microsoft’s E5 security are spam, phishing, malicious files, and ransomware. This also is an applicable statistic over the different organization segments, ranging from small businesses to enterprises. Because of this, we suggest that companies add another layer of security to their email services, as well as an increase in user training and awareness – while technology will never full protect phishing emails from getting through, the combination of educated end users and strong filters is a great start to protecting your organization from phishing attacks.

While there are a number of vendors and services out there, Mimecast is the preferred platform that our team uses internally, as well as the one that we suggest clients utilize. Mimecast specializes in cloud-based email management for Microsoft Exchange and Office 365 with the email security service covering email filtering as well as user training, helping to lower the effect of phishing attacks on your users. The service helps to protect users by running on top of the Microsoft Exchange and O365 and helps identify malicious emails. According to Mimecast, their service is able to find an additional 28% of emails that passed through Microsoft's E5 security that can be identified as spam, phishing, malicious files, or ransomware. Mimecast works as a sandbox, stopping messages at the perimeter so that possible threats do not reach the actual mailbox environment. However, this is only one of the four attack vectors that Mimecast defends against.

The next attack zone that is protected is in the mailbox and network of an organization. These attacks usually target users, and so Mimecast offers their Security Awareness Training to help mitigate this risk. It is also worth noting here that organizations that provide engaging security awareness training to their employees are five times less likely to suffer an attack. The next zone is beyond an organization's inbox and deals with email domain spoofing and brand exploits, where attackers will act as an organization by imitating either a style or domain name to trick users into trusting them. The last zone deals with APIs, and connected ecosystems. This deals with security that can extend and integrate with other security controls, giving an organization protection with their integrated solutions and services.

Improved User Training

Besides email filtering, the other suggestion we have is increased user training as human error is something that malicious actors depend on in order to get into networks. Even with a great email filtering system, attackers are still able to get some content through, and can force unknowing users to activate an attack. Evaluate your current training program and have a combination of security awareness materials that support your mock phishing campaigns. When developing your simulated phishing attacks take the time to make them complex and relevant to your employees. Remember, if your end users aren't trained to be ready for an attack, neither is your organization.

How Can Schneider Downs Help?

If you have any questions, we are here to help! In addition to our services and software solutions, our team offers a diverse library of complimentary cybersecurity resources including case studies, whitepapers and security awareness materials. You can explore the library at

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit or contact the team at [email protected].

If you suspect or are experiencing a network incident, our Incident Response Team is available 24x7x365 at 1-800-993-8937.

Want more cybersecurity content? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, for the latest insight and news in the cybersecurity world.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
SEC Charges SolarWinds and CISO Timothy Brown For Misleading Investors
Think Before You Click: Fake Browser Updates are Back in Style
Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023
Cybersecurity in the Construction Industry
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.