• How to minimise the danger from phishing

        • Phishing is one of a number of exploits that attempt to get an individual to participate in something that is damaging either to themselves or to the wider organisation they are part of. Employee training continues to be a vital part of the defence strategy, and the need for vigilance is vital and ongoing. Todd Kleppe, the VP of Global Operations at A10 Networks, outlines how to minimise the danger from phishing below.

          Phishing is achieved by luring the individual to open an attachment, click on a link, or take a similar action. A study conducted at Columbia University showed the efficacy of email as a form of attack. Researchers sent out 2,000 phishing emails, of which 176 were opened. Those 176 people were then warned that they'd fallen for a phishing attack. The researchers later sent another round of phishing emails to those same people, and 10 of them once again clicked. After another warning, a third batch of phishing emails was sent out, and three people fell for it again. It wasn't until the fourth round that no one opened the emails.

          As that study shows, it's often people who are the weak links, as phishing is a form of attack where human decision-making is critical.

          Certainly training and awareness can help minimise the number of such incidents, and the effectiveness of training can be tested by running an exploit on oneself. Usually someone will click, but the numbers can be minimised.

          The first line of defence remains looking at the traffic. With email, for example, most organisations drop anywhere between 65 per cent and nearly 75 per cent of incoming email. Some of the email is merely suspicious or annoying, and you may see emails come through marked with labels such as [SPAM], [Marketing Mail] or the like. The intent is to avoid blocking something that might be legitimate, while giving the user a flag and the opportunity to delete the emails so marked or to create a rule to divert them.

          Most companies employ a security framework such as NIST or ISO27001. Such frameworks include risk assessments, policies and controls to mitigate risks, and audits to demonstrate implementation. One of the key controls is always security and security awareness training.

          Unfortunately, email will continue to be a top vector when it comes to breaching systems. We have relied far too heavily on email for far too long and need to move away from email and begin to seriously look at other communication modalities. In the meantime, measures need to be put in place to keep an organisation and its staff protected. Phishing in particular relies upon human mistakes, so to minimise the danger from phishing it is in the interest of CISOs to ensure that all staff are trained, that they take responsibility collectively and individually for keeping the network and its associated data safe and secure, and that effective traffic monitoring is implemented.

          The bad guys are incentivised to attack consistently, often with unsophisticated methods, so organisations need to build resilience to be effective at defending against the attacks.
