As I have already written in several articles here on the blog, it is of utmost importance to make employees aware of information security and especially phishing. It is important for everyone to learn at least the basics of how to stay safe online. However, according to a Tessian survey, two thirds of employees are not regularly trained on cyber threats. And most of those who are trained do not remember what was taught. So how can training really prevent people from falling for phishing attacks?
For those who do not know, phishing attacks are threats where the criminal pretends to be a reliable entity to trick a target into clicking a malicious link, sharing credentials or transferring money.
In another article we discussed how a single phishing email can cost a company half a million.
Employees do not know how to detect e-mail threats
Email is the number one gateway into companies. As a good manager or IT analyst, you understand that making employees aware of email threats and phishing is important for the organization. However, the research reveals that only one third of companies provide some training or security course on the use of email.
In addition, most of the employees surveyed said they do not know how to identify a phishing attack or what to do if they receive a suspicious email.
This is very worrying, as 95% of all attacks on companies are the result of phishing, with an increase of 76% compared to last year, especially with the wave of spear phishing, a much more sophisticated type of attack that is directed at a specific individual or organization.
Without training and awareness of these threats, how can companies expect employees to identify malicious emails and keep the organization safe 100% of the time?
What are the main targets in the industry?
Charities and NGOs are the most exposed and vulnerable, as they usually show no concern for raising awareness to combat cyber attacks such as phishing. Criminals take advantage of this, as they know very well how much valuable data these institutions hold, such as personal data and donor information, which includes high-income individuals and well-known brands.
However, this sector is not alone in neglecting information security training. According to the research, the education sector (schools and universities) and engineering companies are also targeted by criminals. This explains the low percentage of employees (30%) who had some training for cyber attacks.
With so much at stake and the threat of spear phishing increasing, information security needs to be fundamental in the cybersecurity strategy of any company. Education and training on threats are fundamental to help detect malicious emails and websites.
But how much training really solves the problem?
We understand that training is important and greatly helps your employees detect threats, if done regularly and not once every year. But we also need to accept the fact that cyber attacks are constantly evolving.
A spear phishing attack, for example, can be too sophisticated for a person to identify. In these attacks, criminals target an individual and pose as a trusted contact within the company's network in order to persuade the victim and achieve their goals.
In general, there are three categories of advanced phishing attack that are extremely difficult to identify:
- Internal contact - the criminal impersonates a co-worker
- External partner - the criminal impersonates a supplier or client
- Service provider - the criminal impersonates a service company such as a bank, Microsoft or Locaweb
Regardless of the spear phishing category, the criminal uses various manipulation techniques to try to pass as a genuine profile. In some cases, the criminal builds a relationship with the victim that can last several days, until he feels confident enough to send an email with a request to transfer some money, for example.
OK, training alone doesn't solve it...
So what can be done to avoid phishing attacks on the company?
We already know that training is not enough to prevent people from falling for scams. Companies that say employee awareness is their only defense against phishing attacks are extremely exposed. Not only because employees face the impossible task of identifying every kind of attack, but also because people make mistakes, break the rules and are easily deceived.
Therefore, in addition to training employees, companies should employ technology as an ally to help with information security and avoid data and money losses. Modern technological solutions can identify phishing with greater accuracy and speed.
In the case of email, it is important for companies to first make sure they use a reliable email service that helps detect most malicious emails. Here at Lumiun we chose Gmail, in Google's G Suite package. Another good example is Outlook in the Microsoft 365 package.
Tessian, which made the research available, also has a service that increases email security.
Now, if you want more complete security, which in addition to email can also identify malicious sites on any type of internet access, a good solution is Lumiun. Lumiun is a service that protects users from phishing and increases the security of internet use in small and medium enterprises through a cloud platform.
Watch the video below to see how a phishing attack works and how Lumiun takes action to protect your company:
We know that today there is no way to end phishing attacks. But we can use technologies that greatly improve information security and even the productivity of employees.
Remember that problems with data leakage or loss of information, as well as equipment downtime, also impact productivity. The use of network security tools allows employees to pay more attention to the tasks that generate results, rather than worrying about unstructured security threats.
Request a demonstration of Lumiun and see in practice how it is possible to transform the security and productivity of your company.