Advanced persistent threats (APTs) are a growing problem in the world of information security. APTs are groups that are capably of effectively targeting a specific entity. APTs may range from nation-states to organized crime and may threaten the security of an organization in a variety of ways. Sensitive data is commonly targeted by APTs, causing monetary and reputation damages to affected organizations. APTs may steal intellectual property, financial details of customers and employees, organizational strategy information, or any other type of confidential data. Many attacks by APTs begin with a spear phishing attack against a member of the organization. Spear phishing attacks may use personal information about a targeted member of an organization to individualize the phishing attack, giving the attack a greater chance of success.
Traditional systems for preventing phishing attacks are seldom capable of securing organizations against individualized phishing attacks such as spear phishing. Many traditional systems may focus on preventing generic phishing attacks against the entire organization, and may lack the fine-grained controls necessary to prevent more specific phishing attacks. Traditional systems may not be capable of identifying which members of the organization may be likely targets for phishing attacks. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for protecting organizations against spear phishing attacks.