Logo

How strengthening your last line of defence can help prevent the bad guys getting in

By Stu Sjouwerman, CEO at KnowBe4.

  • 6 years ago Posted in
Hackers do what works – and what works is manipulating a human’s psyche to make them feel curious, important or, sadly, scared. As technical controls continue to improve at thwarting automated attacks, hackers are upping their sophistication at bypassing technical controls through the use of social engineering. Phishing and ransomware attacks are a serious problem to businesses the world over and have become the logical evolution of cybercrime. Criminals can steal or disable access to corporate or personal finances, sensitive employee data, patient data, intellectual property, employee files and other valuable content.

 

Results from a quarterly report analysing KnowBe4 user data to find the Top 10 Global Phishing Email Subject Lines for Q1 2018 emphasised that human error continues to be an organisaton’s weakest link and showed that users, when delivered a simulated phishing test, still continue to open messages with a mix of subject lines related to personal and company notifications.

 

The Top 10 Most-Clicked General Email Subject Lines Globally for Q1 2018 include:

  1. A Delivery Attempt Was Made                                   21%
  2. Change of Password Required Immediately          20%
  3. W-2                                                                                        13%
  4. Company Policy Update for Fraternisation            10%
  5. UPS Label Delivery 1ZBE3112TNY00015011            10%
  6. Revised Vacation and Time Policy                              8%
  7. Staff Review 2017                                                             7%
  8. Urgent Press Release to All Staff                                5%
  9. Deactivation of (email) in Process                             4%
  10. Please Read: Important from HR                                2%

 

*Capitalisation and spelling are as they were in the phishing test subject line
*Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers

 

It appears that many users are suffering from “information overload” in email, making them less likely to carefully scrutinise phishing emails as they should. According to Osterman Research, email has been the number one network infection vector since 2014. Crafting and distributing enticing material using both random and targeted means gives the cybercriminals greater control in targeting potential victims, leveraging multiple psychological triggers and engaging in what amounts to a continuous maturity cycle. So how can organisations fight back?

 

Key decision makers within organisations must be proactive in the following steps to be better prepared and deal more effectively with phishing and ransomware attacks including:

 

  1. Take time to better understand the risks you face
  2. Develop and implement adequate policies
  3. Ensure that systems are kept up-to-date
  4. Ensure there good and recent back-ups in place
  5. Deploy anti-phishing and anti-ransomware solutions
  6. Implement best practices for user behaviour, including simulated phishing tests
  7. Use robust threat intelligence

 

Again, as the addition of Facebook-Cambridge Analytica shows, we see news stories influencing the social engineering emails that hackers send. Cybercriminals expect that users will always be eager to correct a wrong address or to ensure that their bank accounts aren’t being breached. What’s not expected is a user population that has been properly trained to identify suspicious emails, no matter how well-disguised or emotionally charged they are. People are the last line of defence and it continues to be more and more important that organisations take this position seriously by, first and foremost, ensuring their users are properly trained.

5 Cybersecurity Myths That Are Compromising Your Data

By Barry O'Donnelll, Chief Operating Officer at TSG.

Why AI is now table-stakes in cybersecurity

By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.

Cyber Resilience: Put your guard up!

By Gareth Beanland, Infinidat.

Saving SecOps teams with an observability pipeline

By Nick Heudecker, Senior Director at Cribl.

Securing a path to the cloud for your business

By Stuart Green, Cloud Security Architect at Check Point Software Technologies.

The future of cybersecurity: Edge, Cloud or both?

The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud

Scared of ML or AI? They’re probably the technologies that will improve your security

By Joe Baguley, VP & CTO EMEA, VMware.

Extending data beyond the walls of your company

By Damien Brophy, Vice President EMEA at ThoughtSpot.

© 2024 - Angel Business Communications Limited

Made with by Angels