With the ever-increasing threat from cyber criminals, cyber defences are becoming stronger every year, and rightly so. Even the smallest of companies can now have access to advanced anti-malware and intrusion detection tools that, until recently, were only within the reach of larger enterprises.
Companies may have secured their network with firewalls, anti-virus and anti-malware. However, as perimeter and endpoint security improve, attackers are focusing their efforts on the weakest link: the users. Unfortunately, the human firewall is not as reliable, so it really is the case that employees are the weakest link in IT security.
Phishing is an extremely popular and effective social engineering attack, and it will continue to threaten organisations of all types and sizes. In fact, 91% of cyber attacks start with a phishing email. It is the go-to choice for cyber criminals, whether they are targeting an individual directly or using it as an entry point into an organisation.
So, let me first explain what phishing is. Phishing is a type of cybercrime that targets an individual via email. These emails are spoofs, created to resemble a genuine email from a reputable source. The spoof emails include malicious links, which trick individuals into providing access to sensitive data. The end goal for the cybercriminal is to access information, which can result in financial loss, reputational damage or identity theft.
Thankfully, all organisations can take steps to reduce the risk of falling victim to a phishing attack, and phishing awareness training for every employee should be a top priority. Phishing awareness training is designed to teach your employees how to treat emails with suspicion, enabling them to spot the tell-tale signs of a phish.
What does this training involve? Simulated phishing campaigns mimic email attacks using advanced software and techniques. The simulated emails are built on individually customised templates and are sent out over several months for optimum results. This is combined with user awareness training and monthly reporting. The result is a dramatic increase in staff awareness and, in turn, a reduced risk to the business from the threat of phishing emails.
The average click rate on a phishing email is just below 30%, which is fairly shocking. Although it is very unlikely to get this to 0%, reducing the click rate to single digits by improving staff awareness is a very achievable target.