Opening the file from within the company's network lets the hacker in, where he or she can corrupt a company's information or hold it for ransom.
"As far as the biggest threat vectors that exist, that's the human element," said Mark Tishenko, founder and CEO of Vancouver-based Edge Networks. Like AuthO and PacStar, the cybersecurity firm operates in the background, providing managed IT services to clients.
But Edge and companies like it are increasingly stepping out, Tishenko said, encouraging more hands-on employee training as the only true way to prevent phishing scams. Those steps include teaching employees to set up filters to block unverified attachments and links to malicious websites, and implementing stricter password security policies.
"At the end of the day, technology is not going to solve the problem. We as people are," Tishenko said. "We're putting a lot of effort into how we educate the employee to be more diligent, as well as what we can use from a technology perspective to mitigate that risk."
IT providers are tackling today's biggest cyber threats. But some firms, like PacStar, are just as worried about the threats of tomorrow. Specifically, they're worried about who is going to step up to solve them. "There is a huge lack of trained cybersecurity professionals coming through our educational institutions. It's just a drop in the bucket of what we need," says Charlie Kawasaki, CTO at PacStar.
Estimates place the number of unfilled cybersecurity jobs across Oregon at around 3,000 positions, while Oregon colleges and universities are only graduating a few hundred students each year trained in cybersecurity.
To help fill that gap, Kawasaki serves on the advisory board of NW Cyber Camp, an effort launched in 2016 to teach introductory cybersecurity skills to high school students in the Portland area. He said tech companies have to step up and play the role of cybersecurity recruiters to ensure Oregon's growing tech industry has the defenses it needs to fend off constantly evolving threats.
"It's a huge problem," Kawasaki said. "In order to have businesses and nonprofit organizations and government agencies protect themselves adequately from all of these increasing threats, we need to grow our trained cybersecurity workforce."