Industry Insights

There's No Silver Bullet For Phishing

Posted by Susan Sison on Jul 5, 2017 9:37:58 AM

Despite the emphasis on phishing awareness, employees are still falling for this widely used social engineering tactic. While teaching good cyber hygiene is still a core component of a well-rounded cybersecurity strategy, it’s no silver bullet.

Phishing Behind Majority of Malware Plants

Phishing emails have become a go-to form of attack for hackers looking to cause data breaches. The statistics make for ugly reading:

Why Phishing Works

It may seem easy to stop: Patch systems and then educate staff to turn them into your first line of defense. But it isn’t. Social engineering of employees is incredibly effective. A review of Verizon’s security awareness training data found that 7.3% of users were successfully phished on average, with rates varying based on industry. The phishing success rate rose to 13% in manufacturing and 10% in the healthcare and retail sectors, for example. These are worrisome figures if your organization operates in one of these high-target sectors. Employees don’t even have to click on malicious links to hand over sensitive information to hackers. Used carelessly, social media leads to confidential information leaks and loss of intellectual property.

How to Fight Phishing

Many organizations haven’t learned their lessons from phishing attacks. In fact, over half of those that experienced a successful attack in 2016 have yet to make changes to their cybersecurity. Awareness training programs are a core part of a well-rounded cybersecurity strategy, but they aren’t foolproof. Some lessons may fall on deaf ears, and protocols will be circumvented.

The truth is: No matter how educated your workforce, you will experience a breach at some point. Once a breach happens, your focus needs to shift to incident response. A strategy that combines swift teamwork and the automatic communication and sharing of threat intelligence is most effective. Look for a layered, collaborative security platform that enables you to:

  • Segment your network into security zones to isolate breaches and monitor traffic as it moves across physical and virtual environments.

  • Leverage anomaly-based and behavioral-based detection to identify, log and share both known and unknown or unusual network traffic.

  • Integrate advanced SIEM (Security Information and Event Management) to collect, correlate and log incident data from multiple security tools such as firewalls, security sandboxes, endpoint protection tools and IPS/DPS systems.

Why You Need An Incident Response Plan

By having a tested incident response plan that kicks into gear when an attack is detected, you avoid high-stress scenarios where the damage to your reputation or financial position worsens the longer incidents go unresolved. Among other steps, this involves identifying which security incidents require the swiftest action and what those actions are, your biggest threats, which protocols are simple to circumvent, and who you’ll mobilize to handle the security, legal and PR implications.

A partner of Fortinet, developer of the security fabric platform, NCA has the advanced solutions and expertise to help you mitigate the harms of phishing. Contact us.

Topics: Malware, Cyber Security, Phishing, cyber strategy
