Train the machine—not just the employee.
Hackers know many companies rely on employee training alone, so they’ve been upping their game to trick even the most savvy employees into falling for phishing scams.
Phishing email attacks are nothing new. They have been around for 15 years, but they are still one of the top risks for businesses today. A quick Google search of “how to spot phishing email scams” will show you articles from as far back as 2006.
Advice to employees has remained the same. So even with 15 years of knowledge about phishing (and of training employees), the attacks still happen. In fact, these types of attacks have been increasing. According to Verizon’s latest Data Breach Investigations Report, more than two-thirds of data breaches involved social engineering attacks such as phishing.
A research group from Vanderbilt, Dartmouth, and MITRE put test subjects through extensive training on detecting and avoiding phishing scams. 90 days later, the subjects had forgotten most of what they learned and were susceptible to phishing emails at the same rate as before the training.
The results above show that if, after training, 15 percent of employees are susceptible, that’s still 3,000 employees likely to interact with a phishing email. A study from Carnegie Mellon came to similar conclusions: employee training alone is not enough.
So, while security awareness training helps organizations meet their regulatory and legal requirements, it’s not enough to stop phishing breaches.
We put together the following list of some of the most popular training programs available today.
Perception Point Hack
You shouldn’t rely on employees to notice sophisticated phishing attacks themselves. Instead, we suggest following Gartner’s advice about installing extra security protocols.
Unfortunately, training is not going to stop the problem 100 percent of the time. And even with other security controls to prevent or contain an incident, there still may be a breach and cleanup. As with any control, the goal is to reduce the risk to an acceptable level, then live with the residual risk.
Unlike a person, the Perception Point solution can tell when an email is a forgery, and send it straight to quarantine or deliver it with disabled links and warnings.