It’s October already, and that means it is Cybersecurity Awareness Month. This September provided quite a lead-in, didn’t it? If people weren’t thinking about cybersecurity before, they certainly are now, after the Equifax breach and the worries about PII and identity theft. And that doesn’t take into consideration all of the other security incidents from the month – Deloitte, the Security and Exchange Commission, Sonic, Whole Foods, CC Cleaner . . . the list doesn’t seem to end, does it?
I’ll kick off my Cybersecurity Awareness Month posts with a topic I talk about a lot because it continues to be the bread and butter of cybercriminals: phishing attacks. It continues to amaze me how stymied we are – as IT and security professionals, as organizations, and as general consumers – by phishing attacks. Over and over again, we see studies and surveys citing how little we know about phishing and the lack of ability to recognize a potential attack. For instance, eSecurity Planet reported on an Intermedia survey that found 14 percent of office workers aren’t able to recognize a phishing attack and 21 percent have fallen prey to one. That, of course, is bad news for your company because an employee’s action can lead to bad actors gaining access to your network and data.
And phishing is most certainly bringing hackers into your company. How prevalent is phishing? According to a new study from IRONSCALES, phishing accounts for 90-95 percent of all successful cyberattacks.
One of the reasons that phishing continues to be so successful isn’t just because the scammers are very good at social engineering and fooling users into opening up links and attachments. It is also because organizations aren’t very good at detection and mitigation of phishing emails. According to the study, 46 percent of respondents said it takes more than a day to remove phishing email from endpoints after an attack is reported. Phishing emails continue to easily bypass spam filters, firewalls and gateways because of how well they are able to spoof real organizational and brand emails.
Is AI and automation the solution to phishing email prevention? The study stated that 72 percent of security professionals believe automated inbox scanning and email forensics are the most valuable email security technology and 93 percent of respondents agree that humans and technology need to work side by side in order to better detect and respond to sophisticated email phishing attacks. As Eyal Benishti, founder and CEO of IRONSCALES, said in a formal statement:
When time is of the essence, as it is with stopping and minimizing phishing attacks, the integration of human intelligence with technology significantly and effectively expedites prevention, detection and response.
Awareness is key, as Cybersecurity Awareness Month is all about, but maybe we need to bring a lot more awareness to the problems behind phishing. How does your organization deal with the phishing crisis?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba