Leading cybersecurity expert David Baggett recently stated that “cybersecurity awareness training is dead.” What does this mean, and what are the implications for your business and employees? In this blog, we will explore why and how changing end-user behavior is the key to safeguarding customer data in the current threat landscape, and offer advice on protecting against cybercrime by fundamentally changing how attacks are detected and how end-users are coached to make safe decisions.
Emails Are Still the #1 Target for Cybercrime
Companies have paid millions to secure email, yet by widely cited industry estimates around 90% of breaches still start with a phishing email whose link gives a cybercriminal a foothold in your network to steal passwords and private data. What makes email so attractive to cybercriminals is simple: it works. Email is the most used collaboration tool among employees, and that makes it the easiest way for attackers to get at your information.
While email has security features grafted onto it, it is not made to authenticate who the email is from. So if employees can’t tell who the email really came from, they are left only to guess. – Eric Wood, BFG Partner
While most companies now deploy some type of phishing awareness training, the limited, traditional once-a-quarter session is not enough to change behavior. Behavior is shaped over time, and it is largely the product of decisions made in real time, as each message arrives.
When Humans and Machines Work Better Together
Machines can use AI-based detection to search for known or suspicious links and block the senders behind them. Multi-factor authentication and spam filters provide a further layer of protection that every business should have in place.
Not every malicious email can be blocked, and not every phishing attack will be caught by the AI and spam filters, so human decision-making is still required. Does the address behind the display name match the sender the employee expects? Does the link actually go where its text says it does?
Combining the best of machine intelligence with human decision-making, in real time at the moment the email is read, is the most effective way to prevent phishing attacks.
Phishing Prevention 3.0
This new level of phishing prevention applies color-coded banners to incoming mail. AI-based detection analyzes each message's sender and content, and the banner alerts employees so they can make a better decision in real time. Here's how it works.
When an employee receives an email, they will see one of the three banners below, depending on the message's security status.
GRAY BANNER “SAFE”:
AI has analyzed this message and does not see any threats.
YELLOW BANNER “CAUTION”:
Indicates that your cybersecurity provider found something unusual about the message. It is not necessarily phishing or dangerous, but it is something you should be aware of. For example, one category that marks a message as unusual is “Sensitive Content”: emails that contain financial information or request sensitive personal information. Messages with this flag deserve extra scrutiny but are not necessarily malicious.
RED BANNER “DANGER”:
This banner indicates that Phishing Security 3.0 has analyzed the email and believes the message is suspicious and likely to be phishing or dangerous in some other way. Triggers include brand impersonation (e.g., a fake “account alert” email claiming to come from your IT department), blacklisted phishing URLs, and attempts to spoof mail so that it looks like it came from an internal company account.
The banner on a malicious email states why the email was flagged; click the “Details” link to read more about what made it risky.
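The two sections above (machines and humans working together, and the three banner levels) describe what the detection decides but not how a decision gets made. The following Python script is an added example, not Blue Fox Group's code or any vendor's actual detection engine: it parses a raw message and assigns SAFE, CAUTION or DANGER from a few of the signals named above (a sender that claims the internal domain without an SPF/DKIM pass, an “IT Department” display name arriving from an outside domain, a blocklisted sender or link host, link text that shows one host while pointing at another, and sensitive-content keywords), and it keeps the reasons so you can see what a “Details” link might show. The domain example.com, the blocklist, the keyword patterns and the four sample messages are all constructed assumptions for the example; a real product uses trained models and threat-intelligence feeds in place of these hand-written rules.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed configuration (hypothetical): our own domain, a tiny blocklist, and
# keyword lists standing in for the trained models a real product would use.
INTERNAL_DOMAIN = "example.com"
BLOCKLISTED_HOSTS = {"secure-login-alerts.example.net"}
IT_NAMES_RE = re.compile(r"\b(it (department|support|helpdesk)|help ?desk)\b", re.I)
SENSITIVE_RE = re.compile(
    r"\b(wire transfer|bank account|routing number|social security|password|gift cards?)\b", re.I)
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SAFE, CAUTION, DANGER = "SAFE", "CAUTION", "DANGER"
RANK = {SAFE: 0, CAUTION: 1, DANGER: 2}


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _auth_passed(msg):
    """True if Authentication-Results records an SPF or DKIM pass. Assumption:
    the gateway strips inbound copies of this header and stamps its own, so the
    value can be trusted; in production also verify the authserv-id."""
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results or "dkim=pass" in results


def classify(raw: bytes):
    """Return (banner level, reasons) for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    reasons = []  # (level, why) pairs; the strongest level wins

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    # The regex is enough for this example's well-formed HTML; real mail needs an HTML parser.
    links = ANCHOR_RE.findall(content) if body and body.get_content_type() == "text/html" else []
    text = re.sub(r"<[^>]+>", " ", content)  # crude tag strip for the keyword scan

    # Spoofed internal sender: From claims our domain but SPF/DKIM did not pass.
    if from_domain == INTERNAL_DOMAIN and not _auth_passed(msg):
        reasons.append((DANGER, "From claims the internal domain but SPF/DKIM did not pass"))
    # Impersonation: an "IT Department" style display name from an outside domain.
    if from_domain != INTERNAL_DOMAIN and IT_NAMES_RE.search(display):
        reasons.append((DANGER, f"display name '{display}' impersonates IT but was sent from {from_domain}"))
    if from_domain in BLOCKLISTED_HOSTS:
        reasons.append((DANGER, f"sender domain {from_domain} is blocklisted"))
    for href, shown in links:
        host, shown = _host(href), shown.strip()
        if host in BLOCKLISTED_HOSTS:
            reasons.append((DANGER, f"link points to blocklisted host {host}"))
        # Link text that looks like a URL but resolves to a different host.
        if shown.startswith(("http://", "https://")) and _host(shown) != host:
            reasons.append((CAUTION, f"link text shows {_host(shown)} but points to {host}"))
    if SENSITIVE_RE.search(text):
        reasons.append((CAUTION, "sensitive content: request involving financial or personal data"))
    level = max((lvl for lvl, _ in reasons), key=RANK.get, default=SAFE)
    return level, [f"{lvl}: {why}" for lvl, why in reasons]


# Constructed sample messages for the example (not real mail).
SAMPLE_SAFE = b"""\
From: Pat Lee <pat@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com

Can we move the 2pm sync to 3pm?"""
SAMPLE_CAUTION = b"""\
From: Vendor Billing <billing@vendor-example.org>
Content-Type: text/html

<p>Please confirm the bank account number we have on file in our <a href="https://vendor-example.org/portal">portal</a>.</p>"""
SAMPLE_SPOOF = b"""\
From: Payroll <payroll@example.com>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none

Please review the attached wire transfer instructions before 5pm."""
SAMPLE_DANGER = b"""\
From: IT Department <helpdesk@secure-login-alerts.example.net>
Content-Type: text/html

<p>Account alert: your password expires today. Reset it at <a href="https://secure-login-alerts.example.net/reset">https://portal.example.com/reset</a></p>"""

if __name__ == "__main__":
    for raw in (SAMPLE_SAFE, SAMPLE_CAUTION, SAMPLE_SPOOF, SAMPLE_DANGER):
        level, reasons = classify(raw)
        print(level, *reasons, sep="\n  ")
```

Run it directly to print the banner level and reasons for each sample. Note the caveat in `_auth_passed`: the SPF/DKIM check only means something if your mail gateway strips any Authentication-Results header that arrives from outside and stamps its own, otherwise an attacker can simply include a fake `spf=pass` in the message they send you.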
Reporting “Phishy” Emails:
Employees can actively help prevent cyber theft by identifying and reporting phishing attempts. It is as simple as clicking the “Report This Email” link on the banner.
This opens the Report this email page, which asks you to classify the email. Click Safe, Spam, or Phishing and hit Submit at the bottom.
How do you implement this type of security posture?
IT cybersecurity partners like Blue Fox Group help business and IT leaders:
- Review your security posture and gaps
- Review any regulatory compliance activity and requirements
- Determine how to store and safeguard large amounts of sensitive data through Detection & Response and encrypted backup services
- Build a remote employee security checklist
- Implement multi-factor authentication and Phishing Security 3.0