Threat actors understand that one of the easiest and most cost-effective ways to enter an organisation illicitly is to trick legitimate employees into unwittingly taking part in the infection process, thereby breaching the company’s defences. This premise lies at the heart of today’s phishing attacks, in which fraudulent e-mails, purporting to be from a reputable source, induce individuals to unwittingly reveal personal information such as passwords and financial information.
This is according to Anton Jacobsz, managing director of Networks Unlimited, which delivers award-winning Cofense™ phishing defence solutions to the local market. Jacobsz says, “As a security professional, you may very well have wondered from time to time how your team compares to other organisations when it comes to phishing. You may have questioned whether you have the same phishing concerns and even defences in place as other companies. In this regard, Cofense™ has released a very helpful report, putting together responses from more than 100 security professionals who were asked 11 questions about phishing. Their replies make for fascinating and extremely useful information on the topic of phishing and how to combat it, from the perspective of the security professional. Reading this document should give you some excellent tips and insight on how to be better prepared to defend your organisation against phishing threats.”
According to the report, nearly eight in 10 security professionals know someone who has been hit by phishing, often a co-worker[1]. “Security professionals are particularly concerned about e-mails that mimic company messages,” says Jacobsz, “and yet almost half of the companies in the survey sample don’t offer adequate phishing awareness training to their employees[2]. This is unacceptable in today’s digital world, when people are connected almost constantly across a number of different communication tools, including e-mail and social media.
“Companies need to realise that they can’t simply prevent their employees from using these tools to engage with each other, and so their employees need to be empowered with knowledge that makes them more aware of the evolving threat landscape and less susceptible to enticing – or even threatening – messages that cause them to click into the wrong place and unwittingly give up personal or financial information.”
Topics covered in the report include the following:
- Personal experience of the security professional with phishing[3];
- Developments making the problem worse[4];
- Challenges in tackling phishing[5];
- Approaches to phishing defence[6];
- The four scariest types of phish[7];
- Five issues with incident response[8]; and
- Growing worries about the Cloud and phishing[9].
The sizes of the organisations represented in the survey were as follows:
- 200 or fewer employees: 22 percent
- 200 to 1,000 employees: 24 percent
- 1,000 to 5,000 employees: 17 percent
- More than 5,000 employees: 37 percent[10].
Of those who took part:
- 52 percent were in IT security;
- 41 percent were in security operations; and
- 18 percent were in incident response[11].
“The report makes for fascinating and extremely useful reading. The time is now overdue for companies to rethink the way they handle the threat of phishing, and understand that their employees need to be empowered into phishing simulation and training programmes to be able to both ignore and report a phishing attempt. As the report most elegantly phrases it: ‘…thousands of organisations train with phishing simulations. Everyone’s a target. Not all become a victim[12]’,” concludes Jacobsz.
To learn more about Cofense’s phishing incident solutions, please visit: https://www.networksunlimited.africa/.
[1] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[2] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[3] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[4] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[5] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[6] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[7] https://cofense.com/whitepaper/ten-confessions/
[8] https://cofense.com/whitepaper/ten-confessions/
[9] https://cofense.com/whitepaper/ten-confessions/
[10] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[11] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
[12] http://www.nu.co.za/images/2018/Phishing_Confessions_eBook.pdf
Staff Writer