Cyber criminals often seem to do a better job of communicating with a company’s staff than the company itself. Vicki Gavin offers her tips to compete with and defeat the phishers.
Investment in cyber security technologies continues to increase, and yet the scale, scope and number of cyber attacks also continue to increase. How can this be? Shouldn’t increased technical capability reduce the number of successful cyber attacks? The technology vendors would have us believe this is the case. Unfortunately, technology alone is not enough. Studies have shown that 90% of successful cyber attacks rely on human error or, more accurately, tricking a person in some way. The cyber criminals are succeeding because they are successfully targeting our people. If we want to reduce the success rate of cyber attacks, we must reduce the likelihood of human errors and employ appropriate strategies to minimise the impact when these errors occur.
Let’s look at likelihood first. The cyber criminals’ social engineering and phishing campaigns are succeeding while our user awareness training and education is failing. What are criminals doing that we are not? We can identify some typical characteristics of phishing emails. They always offer the recipient some kind of reward and are focused on a single objective – click that link. To achieve their goal, phishers vary their approach, trying multiple times with varying sales pitches. They also often require the recipient to make several clicks to get to the prize.
In comparison to clever, interactive and rewarding phishing emails, our corporate cyber training is not nearly as appealing. Most annual e-learning can best be described as required, wholesome, familiar and repetitive. Furthermore, rather than an incentive, there is usually a penalty for failing to complete the training.
Full article is available to IT Faculty members and subscribers to Faculties Online