How to catch a Phish
With the media attention Cyber Crime has been given over the past 12 months, it is clear that the risks are increasing all the time. According to IBM, Cyber Crime is now worth an estimated $450 Billion per year and, more worryingly, it is not showing any signs of slowing down.
Many forms of Cyber Crime call for a technology-based response: you will be told that you need stronger passwords, better perimeter IT security, additional security software, regular security reviews, email cleansing services, anti-virus and anti-malware software, etc.
But no matter how much technology you have or how good it is, there is one form of Cyber Crime that targets the human element of your systems and that’s Phishing.
So what is phishing? Phishing is a fraudulent act whereby emails posing as reputable companies, or as people known to you in your organisation, are sent to individuals to gather personal information such as passwords or credit card numbers, or even to request money transfers to companies you would normally deal with. More recently, Phishing emails have been used as a delivery method for Ransomware, further increasing the security and business risk.
Over the past decade, phishing attacks have evolved to become highly sophisticated, making it challenging for even the most well-informed people to spot them, especially if the emails are in context, e.g. you are already banking with HSBC, you have just bought something using PayPal, or your trusty IT people advise of a password change.
The success of these kinds of attacks has increased over the last few years as more and more of us use modern communication techniques.
You may be thinking, “What can we do about it?” Well, education through a process of continual testing and training is key. By monitoring and measuring staff behaviour and response to artificial phishing emails, we can track their actions and determine the degree of risk and the right level of education based on their behaviour.
So how does it work? After an initial benchmark of Phishing results from the first Phishing test, the programme then runs continuously, typically monthly, in a cycle of testing, reporting and education. Over time, awareness and education will improve, and this naturally reduces company risk.
By combining technology with user awareness and education programmes, the chances of a successful Phishing attempt can be drastically reduced.
If you’re interested in finding out more, our friendly sales and technical teams are more than happy to discuss our approach with you.