Despite the emphasis on phishing awareness, employees are still falling for this widely-used social engineering tactic. While teaching good cyber hygiene is still a core component of a well-rounded cybersecurity strategy, it’s no silver bullet.
Phishing Behind Majority of Malware Plants
Phishing emails have become a go-to form of attack for hackers looking to cause data breaches. The statistics make for ugly reading:
According to the 2017 Verizon Data Breach Investigation Report (DBIR), 66% of malware linked to data breaches was installed via malicious email attachments.
The 2017 DBIR also reports that over half (51%) of breaches involved the installation and use of malicious software.
Users aren’t helping themselves. Although 78% of people claim to be aware of the risks of unknown email links, they click on them anyway.
Why Phishing Works
It may seem easy to stop: Patch systems and then educate staff to turn them into your first line of defense. But it isn’t. Social engineering of employees is incredibly effective. A review of Verizon’s security awareness training data found that 7.3% of users were successfully phished on average, with rates varying based on industry. The phishing success rate rose to 13% in manufacturing and 10% in the healthcare and retail sectors, for example. These are worrisome figures if your organization operates in one of these high-target sectors. Employees don’t even have to click on malicious links to hand over sensitive information to hackers. Used carelessly, social media leads to confidential information leaks and loss of intellectual property.
How to Fight Phishing
Many organizations haven’t learned their lessons from phishing attacks. In fact, over half that experienced a successful attack in 2016 have yet to make changes to cybersecurity. While a core part of a well-rounded cybersecurity strategy, awareness training programs aren’t foolproof. Some lessons may fall on deaf ears and protocols will be circumvented.
The truth is: No matter how educated your workforce, you will experience a breach at some point. Once a breach happens, your focus needs to shift to incident response. A strategy that combines swift teamwork and the automatic communication and sharing of threat intelligence is most effective. Look for a layered, collaborative security platform that enables you to:
Segment your network into security zones to isolate breaches and monitor traffic as it moves across physical and virtual environments.
Leverage anomaly-based and behavioral-based detection to identify, log and share both known and unknown or unusual network traffic.
Integrate advanced SIEM (Security Information and Event Management) to collect, correlate and log incident data from multiple security tools such as firewalls, security sandboxes, endpoint protection tools and IPS/DPS systems.
Why You Need An Incident Response Plan
By having a tested incident response plan that kicks into gear when an attack is detected, you avoid high-stress scenarios where the damage to your reputation or financial position worsens the longer incidents go unresolved. Among other steps, this involves identifying which security incidents require the swiftest action and what those actions are, biggest threats, simple-to-circumvent protocols and who you’ll mobilize to handle security, legal and PR implications.