
Red Sift Blog

Cybersecurity for everyone


Teach a man to phish?

by Clare Holmes
June 18, 2019 · September 3, 2019 · Filed under: Cybersecurity

And let me first preface this blog by saying I mean ‘man’ in its broadest sapiens sense. And now we’ve cleared that up, let’s talk about cybersecurity. Cybercriminals have always exploited human weakness to successfully execute cyber attacks. Ask any vendor what the weakest link in the chain was 15 years ago and they’d offer the human up for sacrifice. Fast forward to 2019 and the answer is likely to be the same. So why, when cybercrime techniques continue to become more sophisticated and the payouts more and more lucrative, is the industry still relying on education as the key to organisational defence?

Most companies hold cybersecurity training (and even primary schools are teaching four and five-year-olds how to stay safe online) as an essential part of the HR induction, or to comply with internal business process policies, and/or staff development. This has been the case for more than a decade, with 95% of information security professionals stating they train end users to identify and avoid phishing attacks. In fact, of the organisations who evaluate the risk that individual end users pose to overall security postures, three quarters rely on security training awareness performance to gauge that risk.

To teach or not to teach

So, for many businesses today, it’s about teaching someone to phish in order to be aware of these threats and therefore not fall victim to a phishing attack. But can anti-phishing be taught, and if so, should it be? Education and awareness have, and always will have, a role to play in any cybersecurity strategy. But with the inherent vulnerabilities in the human element of security, education should be considered as a measure that fortifies, rather than replaces, technology-powered cybersecurity solutions. Employees should form a supportive line of defence within a strategy that positions technology at the helm.

Too cool for school

Companies who rely on education and awareness alone put themselves and their employees at greater risk of attack and under greater time and resource strain. An education-based approach is complex to maintain. It needs to be a part of the onboarding process, but it also needs to be repeated at regular intervals, while taking into account employee turnover, leave, and competing business priorities. More often than not, it applies a one-size-fits-all approach to education, rather than accounting for those employees who may be more receptive to classroom-based learning versus those who respond to participatory learning such as online courses or attack simulation. It also leans towards blaming rather than empowering employees, by putting the responsibility of spotting clever phishing emails onto staff when it could be more effectively and efficiently shouldered by an automated technology solution – don’t make employees your human firewall.

That’ll teach you

In contrast, an anti-phishing solution underpinned by technology does not rely on regular reinforcement, excessive resources, or accountability for accountability’s sake. Of course, it does require some technical understanding, some resources to implement and a place within a broader organisational cybersecurity strategy. But its main benefits are its reliability, its automation and its efficiency. A technology-based solution is built to spot vulnerabilities more quickly and with more accuracy, analyse and report more efficiently, and can even be leveraged to educate and build awareness with employees as it protects. A technology-based solution should be data-driven, contextual and adaptable, and available to all organisations.

The key to building an effective cybersecurity defence among employees is to sufficiently arm users with the information and tools necessary to effectively defend against attacks, rather than continuing to pursue protocols and policies which are unreliable and ineffective. With an endpoint threat protection solution, greater visibility over the network’s threat landscape, and a strong and regular employee education programme, businesses can best mitigate the threat of phishing, the vector used to launch 91% of today’s cyber attacks.
