The problem with people – phishing in 2018
Because email remains the most popular business communications tool, phishing is set to retain its place as one of the most significant threats to your corporate data security. As long as people keep falling for the scam, criminals will keep sending the messages.
The CyberEdge 2018 Cyberthreat Defence Report highlights malware, ransomware and spear-phishing as causing the most security-related headaches, a headache shared by 49.5% of businesses.
The weakest link – your people
Advanced analytics and machine learning (ML) are helping to improve the accuracy with which malware, security breaches and advanced persistent threats (APTs) are detected. But although the technical aspects of security are improving, the human element still lags behind.
IT managers have been identifying other people inside the business as their biggest security concerns for years. One basic mistake, like opening a phishing email attachment, can have huge consequences. Worse still, these accidents are completely avoidable.
Things are getting better. Slowly.
Anecdotal evidence suggests that employees are getting better at protecting corporate data systems. End-user training is starting to generate a return as staff are now checking their mailbox contents more freely. This means that your business must continue to invest in training to help raise awareness of phishing techniques and how to block them.
Training cannot be a one-off event, however. Cybercriminals are constantly developing new techniques to get phishing messages into your mailbox – and your staff need to know what they are, and how to respond to or block them.
Solving the people problem. With people.
As with other new initiatives, you may find that appointing “security champions” helps staff get answers to their questions. By augmenting your InfoSec team, they help to prevent the IT helpdesk from being swamped with low-level usage queries that divert resources away from other important strategic projects.
As new threats are identified, you only need to provide training for the chosen security champions. They can then share their upgraded skills with their colleagues, creating a trickle-down knowledge transfer effect. This approach helps to keep IT security in the public consciousness, increasing the chance of important messages sticking.
Take the problem away from your people
Your employees have a definite responsibility to behave responsibly and to protect corporate data systems at all times. But at the same time, you have a duty to reduce the opportunities for them to make mistakes.
One way to help close the gaps is to use a managed detection and response service like Navisite’s to handle security. These services allow you to outsource detection of phishing emails, and automatically implement the most appropriate response without input from your users. Your InfoSec team can focus on other aspects of corporate security and end users can get on with their jobs, giving you a productivity boost too. Navisite staff, who help provide managed security and compliance solutions to our clients, are trained to the highest standards and possess a variety of security accreditations such as:
- CISSP
- CCSP
- CRISC
- CISM
- CISA
- GXPN
- GCIH
- CCSK
- CEH (Certified Ethical Hacker)
Managed detection and response services help to significantly reduce risks posed by phishing attacks. Unfortunately, cybercriminals have a whole array of other techniques at their disposal – and your staff will always need to play their part in defending your business.
To learn more about protecting against phishing, and how Navisite’s managed detection and response services will help your business increase security and productivity, please contact us online or call us on (888) 298-8222.