Intelligent CXO Issue 14 - Page 22

EDITOR’S QUESTION

Return on Investment (ROI) is one of the key drivers for all businesses. Unfortunately, cybercriminals have a similar strategy, making email phishing the go-to approach for many modern-day cyberattacks simply because it’s a relatively straightforward and cost-effective technique – particularly given the recent proliferation of phishing kits.

Essentially an all-in-one ‘starter-pack’ for planning, setting up and launching a phishing attack, phishing kits provide attackers with all the tools they need and are accessible via a simple search on the Dark Web.

Moreover, they are low cost, with the average phishing kit costing just US$70, and because these kits are not sophisticated or highly technical tools, even amateur criminals can use them quickly and easily. All these factors increase the likelihood that an organisation will be targeted by an email phishing attack.

Third-party secure email gateways and native cloud security capabilities were designed to block spam and other well-known or readily detected threats. Today’s targeted phishing, business email compromise and ransomware attacks easily evade these technologies, a fact well supported by the outages and financial losses constantly making headlines. Clearly then, a different strategy is needed and the solution for organisations is to implement a resilient, layered security strategy.

Security Awareness Training (SAT) is a common and often mandated step to increase an organisation’s technological defence. SAT teaches employees to recognise the basic signs of a phishing attack, such as spelling errors, incorrect logos and inconsistent font size. By including all employees and educating them on their importance within defence, an enterprise can establish a culture of security.

SAT programmes aim to make users less ‘phishable’ and usually lead to users having the tools and workflows to report suspicious emails to the company’s helpdesk or security staff for analysis. However, this subsequently leads to an increase in the number of email alerts that already-burdened security teams must investigate.

SAT alone will never be enough to keep increasingly sophisticated phishing attacks at bay because humans are fallible and a single phishing email fooling just one employee can be enough to facilitate a company’s demise. Email attacks are often successful because an employee is distracted as opposed to ignorant.

Therefore, organisations must continually improve their automated detection and response capabilities to reduce the reliance on employees to spot and report phishy emails.


