Why try to hack a secure system when you can just trick someone into handing over sensitive information? This is something that more cyber criminals are asking themselves, according to Mimecast’s Q4 Email Security Risk Assessment.
Spear phishing emails, which manipulate people into believing they are corresponding with a legitimate source, are dominating traditional phishing emails, rising by 50% over the past quarter.
The rise in spear phishing is a response to improved spam filters. Emails containing malicious attachments were once an enormous security problem, but email filtration systems and antivirus technology are now good enough to catch most phishing emails containing malware. However, they’re much less adept at spotting emails that simply ask the recipient to hand over login details for confidential accounts.
Your employees are your last line of defense
The pervasiveness of spear phishing is worrisome, as the only thing standing between cyber criminals and the information they want is the email’s recipient. Organizations can have the most up-to-date technology in place to prevent attacks, but if they don’t stop their employees from falling victim to spear phishing attacks, they are still vulnerable.
Staff awareness courses should therefore be an essential part of any organization’s cybersecurity practices. (ISC)² also advises organizations to carry out simulated phishing attacks on their staff.
Simulated phishing emails sent to everyone in the company (obviously without the malicious payload) can give those who fall victim a warning, and make them think twice in the future.
Our Simulated Phishing Attack will establish how vulnerable your organization is to the threat of phishing. The service provides an independent assessment of employee susceptibility, and benchmarks your security awareness campaigns. It can help you to:
- Satisfy compliance and regulatory requirements;
- Adapt future testing to areas and employees of greatest risk; and
- Reduce the number of employee clicks on malicious emails.
After conducting this test, you might want to take action and enroll your staff in our Phishing Staff Awareness Course.
This course will reduce the likelihood of your employees falling victim to such scams by helping them understand how phishing works, the consequences of a successful attack, and how to identify and respond to malicious messages.