Johannesburg, 02 Aug 2018
Phishing attacks are now the most frequently encountered category threat to businesses. The technique of using deceit to trick users into voluntarily providing credentials or accessing malicious files or Web sites (often via e-mail) is putting businesses of all sizes at risk.
According to the SANS Institute, 95% of all cyber security breaches on enterprise networks are the result of successful spear phishing (where e-mails are handcrafted to be convincing to chosen targets). A single spear phishing attack can cost a business on average $1.6 million.
So, what should we do to protect ourselves, our organisation, and our employees from getting 'phished'?
First and foremost, we must educate our workforce; all employees who have access to our networks must be able to recognise a phishing e-mail as soon as it hits their inbox. GoldPhish recommends using simulated phishing e-mails to test employees and assess vulnerabilities within the organisation. GoldPhish's Phish Tank platform provides the perfect training programme for this, with real-time e-mail scenarios designed to improve end-user confidence and their ability to recognise phishing attempts.
According to Intel, 97% of people around the world are unable to identify a sophisticated phishing e-mail.
GoldPhish's online cyber security education and awareness platform, CybACADEMY, also incorporates their Phish Tank package into the offering. The platform already delivers monthly 'Be Cybaware' campaign material (poster, infographic and blog article) illustrating simple and essential cyber security controls to all users, and can now also send simulated phishing attack e-mails to test employees. Managers then receive comprehensive campaign metrics identifying trends, improvements and problem areas.
Dan Thornton, Director at GoldPhish, explains why phishing simulations are an excellent addition to any security awareness training programme. "Providing phishing simulations as part of our CybACADEMY platform, and if required, as an individual training product, assists organisations in continuously assessing their employees susceptibility to social engineering tactics and develop their employees' ability to recognise (or at least, suspect) phishing attempts.
If a company can get its computer users to slow down and really evaluate the e-mails they receive before acting on them, they've won half the battle; this will greatly reduce their cyber risk."
Training employees to confidently identify and report suspicious e-mails in the workplace is fundamental to strengthening the 'human firewall'. This is how you reduce the cyber risk to your business.
Get in touch with GoldPhish for a free demo of its Phish Tank and CybACADEMY platforms to see for yourself.
GoldPhish highlights four essentials for building effective training programmes to begin changing behaviour within the workplace. You can access these in its 'Phishing your own pond' blog post.
Share