SECURITY SPOTLIGHT
THERE’S A MACHINE THAT STOPS PHISHING ATTACKS. IT’S CALLED THE HUMAN BRAIN
Phishing attacks remain a source of anguish for
security professionals. But those who choose to just
throw technology at the problem are overlooking a
vital component of their defence – the ‘human firewall’.
Kamel Tamimi, Principal Security Consultant,
Cofense Inc, tells us more. . . .
Until human nature changes (don’t
hold your breath) phishing attacks
that target unwary people will be a
headache. Two recent headlines show the
Middle East and Africa are not being spared.
Last November, a leading regional bank
issued a customer alert about a phishing
email dangling a value-added tax refund.
Naturally, the email purported to come from
the bank. Whose pulse wouldn’t quicken at
the thought of getting some money back?
The following month, Amnesty International
warned of several credential phishing
campaigns, likely from the same attackers,
targeting Middle Eastern and North African
organisations. In one campaign, the threat
actors took aim at accounts on ‘secure’
email services like Tutanota and ProtonMail.
INTELLIGENTCIO
It would be nice if automation could
solve the problem completely. But while
automated systems, Machine Learning and
AI can help, malicious emails are still getting
past the perimeter. Just ask the regional
bank and Amnesty International.
Here’s what organisations tell us
about the human factor
You could also ask organisations in the
region and across the globe. At Cofense,
we talk to them every day about effective
phishing defence. Following are some
of their insights on thwarting attacks on
humans by empowering them with the right
expertise and tools.
Let’s start with the head of information
security at a Middle Eastern university. A
few years ago, after large-scale attacks by
nation-state actors on other regional targets,
he made human-vetted phishing defence his
number one priority, anchored by a rigorous
phishing simulation program.
When he launched the program, users –
students, faculty, administrators and anyone
else using the network – fell for simulated
phish 55% of the time. That number has now
dropped to close to 10%, with the number
www.intelligentcio.com