Phishing: too much faith put into security software

With phishing attacks increasing in both volume and sophistication, it is important to remain vigilant at all times. However, even simple phishing attacks can be overlooked and remain undetected. The success of email as an attack vector is at least partly because people put too much faith in email security systems. Given the sheer volume of malicious emails sent every day and how quickly criminals’ techniques evolve, it’s unreasonable to expect an email security system to catch every piece of spam.

Research carried out by Columbia University showed that of 2,000 phishing emails that were sent, 176 were opened. Those 176 who opened the email were informed that they had fallen victim to a phishing attack. Another email was sent to that same group and ten people still opened it. A third email was sent and three people opened it. Only on the fourth email did nobody open it.

The key finding from the study is that humans are the weak links. The most important line of defense is the person who receives the email. If you are able to identify and properly respond to a malicious email, you can mitigate the danger. Employee training is vital and it needs to be ongoing to be successful.

Simulated phishing with IT Governance

Our Simulated Phishing Attack will establish how vulnerable your organization is to the threat of phishing. The service provides an independent assessment of employee susceptibility, and benchmarks your security awareness campaigns. It can help you to:

  • Satisfy compliance and regulatory requirements
  • Adapt future testing to areas and employees at greatest risk
  • Reduce the number of employee clicks on malicious emails

After conducting this test, we advise enrolling your staff onto our Phishing Staff Awareness Course. The course will reduce the likelihood of your employees falling victim to scams by helping them understand how phishing works, the consequences of a successful attack, and how to identify and respond to malicious messages.
