Email phishing is a top threat to organizations because it works so well, according to Neil Wynne, principal and analyst for secure business enablement at Gartner. Wynne told Stephanie Kanowitz at GCN that phishing is an easy and effective way for attackers to gain access to a network. These attacks are growing increasingly sophisticated as criminals adapt to security technologies designed to block them.
While the term “phishing” encompasses a wide range of social engineering techniques, it’s most commonly associated with email. Email phishing is one of the most prevalent and well-known types of social engineering, largely due to flaws in the underlying protocol of email itself. The Simple Mail Transfer Protocol was designed over thirty years ago and didn’t include mechanisms to authenticate senders. Some important security protocols have been developed to address this issue, but they aren’t universally implemented and they aren’t foolproof. Technical defenses should be used in combination with employee education and training to ensure that every surface is covered.
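As an added illustration (not code from the article or from GCN): because SMTP itself does not authenticate the sender, a receiving system has to rely on the results of later protocols such as SPF, DKIM and DMARC, which the article does not name. The sketch below triages a message using the `Authentication-Results` header stamped by the receiving server. The sample message and the server name `mx.example.org` are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved example domains; mx.example.org is a hypothetical receiver).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.com
From: "IT Help Desk" <helpdesk@example.com>
To: user@example.org
Subject: Password expiry notice

Please review the attached notice.
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_verdicts(msg, trusted_authserv):
    """Collect spf/dkim/dmarc results stamped by our own receiving server only."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for raw in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(raw.split()).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # header could have been supplied by the sender; ignore it
        for clause in rest.split(";"):
            method, sep, result = clause.strip().partition("=")
            parts = result.split()
            if sep and parts and method.lower() in verdicts:
                verdicts[method.lower()] = parts[0].lower()
    return verdicts

def triage(raw_message, trusted_authserv="mx.example.org"):
    """Reasons to distrust the visible sender (exact-domain match; real DMARC alignment is looser)."""
    msg = message_from_string(raw_message)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    v = auth_verdicts(msg, trusted_authserv)
    reasons = []
    if env_dom and env_dom != from_dom:
        reasons.append(f"envelope domain {env_dom} differs from From domain {from_dom}")
    if v["dmarc"] != "pass":
        reasons.append(f"dmarc={v['dmarc']} for visible From domain {from_dom}")
    if v["spf"] != "pass" and v["dkim"] != "pass":
        reasons.append("neither spf nor dkim passed")
    return reasons
```

An envelope/From mismatch alone is common in legitimate bulk mail, so treat each reason as a signal to weigh rather than a verdict.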
“Technology can be used to help prevent users from being exposed to these attacks to begin with, but this will never be 100% effective,” says Wynne. “The human brain can be trained to detect malicious intent better than even the most advanced machine learning model. Of course, education isn’t foolproof either and some attacks are so well crafted that they are not only able to bypass advanced technical controls but can even trick the most well-educated users.”
While there’s no all-encompassing solution to prevent phishing attacks, new-school security awareness training is one of the best tools that organizations can use to defend themselves against this constantly evolving threat.
GCN has the story: https://gcn.com/articles/2018/12/17/why-phishing-persists.aspx
Find out the Phish-prone percentage™ of your organization with our free Phishing Security Test that now includes Industry Benchmarking. See where you stack up! Industry Benchmarking enables you to compare your organization’s Phish-prone percentage with others in your industry.
Find out how you are doing compared to your peers and see the difference 12 months can make after using the integrated KnowBe4 Simulated Phishing and Security Awareness Training platform!
With Our Updated Phishing Security Test:
- You can customize the phishing test based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Start phishing your users now. Fill out the form, and get started immediately. There is no cost.