The statistic that four percent of employees will click on almost anything, with “Free Coffee” and “Package Delivery” taking some of the top spots among phishbait subject lines, may not sound like much.
However, keep in mind the most successful marketing campaigns only achieve around two percent. With double the response of most marketing initiatives, it's no wonder that the phishing attacks keep coming.
That statistic comes from Verizon’s 2018 Data Breach Investigations Report. The report showed that the number of phishing emails continues to grow. The victims include government agencies that house some of our most sensitive records. The report also reveals that one quarter of all malware detected was ransomware, and it indicated that 68 percent of breaches go undetected for months.
The answer to fending off phishing campaigns may lie in the same employees who choose to click. A type of crowd-sourced security that turns employees into human sensors could be the answer. One example of this approach is the US Department of Defense Cyber Security/Information Assurance program, where contractors share intelligence with each other and the DOD.
With the right training, employees can learn to recognize phishing attempts and alert others to the impending threat. This type of information gives the IT team an advantage, leading to a faster response.
Here are a few steps that can empower your employees to be human sensors using a Phish Alert Button:
- An aware victim can be a good sensor. Encourage employees to ask how reading a suspicious email makes them feel. Rushed, pressured, exploited? Then be wary. Train your employees to recognize how the email makes them feel.
- Build an intelligence network. If you make it easy to report potential threat emails, you'll build a steady stream of alerts.
- But don’t overuse the “Abuse Box.” Phishing needs to be reported, but flooding an underprepared IT department with messages that need to be checked may be counterproductive. Make sure the IT department is ready to handle the volume, and build user awareness as you build capacity.
The number of phishing emails can be expected to grow. But with a change in the way your organization perceives and responds to social engineering, users can become your best defense and not your weakest link. As always, consider interactive, new-school security awareness training. It's effective and extremely affordable.
GCN has the story, written by Lex Robinson who works at Cofense.
Free Phish Alert Button
When new spear phishing campaigns hit your organization, it is vital that IT staff be alerted immediately. One of the easiest ways to convert your employees from potential targets and victims into allies and partners in the fight against cybercrime is to roll out KnowBe4's free Phish Alert Button to your employees' desktops. Once installed, the Phish Alert Button allows your users on the front lines to sound the alarm when suspicious and potentially dangerous phishing emails slip past the other layers of protection your organization relies on to keep the bad guys at bay.