Phishing insight from security professionals
Over 100 security professionals tell Cofense™ how they combat the threat of corporate phishing
JOHANNESBURG – October 19, 2018 – Threat actors understand that one of the easiest and most cost-effective ways to enter an organisation illicitly is by tricking legitimate employees into allowing the threat actor into the infection process and thereby breaching the company’s defences. This premise lies at the heart of today’s phishing attacks, when fraudulent e-mails, purporting to be from a reputable source, induce individuals to unwittingly reveal personal information such as passwords and financial information.
This is according to Anton Jacobsz, managing director of Networks Unlimited, which delivers award-winning Cofense™ phishing defence solutions to the local market. Jacobsz says, “As a security professional, you may very well have wondered from time to time how your team compares to other organisations when it comes to phishing. You may have questioned whether you have the same phishing concerns and even defences in place as other companies. In this regard, Cofense™ has released a very helpful report, putting together responses from more than 100 security professionals who were asked 11 questions about phishing. Their replies make for fascinating and extremely useful information on the topic of phishing and how to combat it, from the perspective of the security professional. Reading this document should give you some excellent tips and insight on how to be better prepared to defend your organisation against phishing threats.”
According to the report, nearly eight in 10 security professionals know someone who has been hit by phishing, often a co-worker. “Security professionals are particularly concerned about e-mails that mimic company messages,” says Jacobsz, “and yet almost half of the companies in the survey sample don’t offer adequate phishing awareness training to their employees. This is unacceptable in today’s digital world, when people are connected almost constantly across a number of different communication tools, including e-mail and social media.
“Companies need to realise that they can’t simply prevent their employees from using these tools to engage with each other, and so their employees need to be empowered with knowledge that makes them more aware of the evolving threat landscape and less susceptible to enticing – or even threatening – messages that cause them click into the wrong place and unwittingly give up personal or financial information.”
Topics covered in the report include the following:
- Personal experience of the security professional with phishing
- Developments making the problem worse;
- Challenges in tackling phishing;
- Approaches to phishing defence;
- The four scariest types of phish;
- Five issues with incident response; and
- Growing worries about the Cloud and phishing.
The sizes of the organisations represented in the survey were as follows:
- 200 or fewer employees: 22 percent
- 200 to 1,000 employees: 24 percent
- 1,000 to 5,000 employees: 17 percent
- More than 5,000 employees: 37 percent
Of those who took part:
- 52 percent were in IT security;
- 41 percent were in security operations; and
- 18 percent were in incident response.
“The report makes for fascinating and extremely useful reading. The time is now overdue for companies to rethink the way they handle the threat of phishing, and understand that their employees need to be empowered into phishing simulation and training programmes to be able to both ignore and report a phishing attempt. As the report most elegantly phrases it: ‘…thousands of organisations train with phishing simulations. Everyone’s a target. Not all become a victim’,” concludes Jacobsz.
To learn more about Cofense’s phishing incident solutions, please visit: www.networksunlimited.co.za/index.php/products/security/cofense
About Networks Unlimited Africa
Networks Unlimited Africa is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Attivo Networks, Cofense, Carbon Black, Fortinet, F5, Hypergrid, Mellanox Technologies, NETSCOUT, NETSCOUT Arbor, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Thales and Uplogix. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, Wi-Fi-, mobile- and networking security, load balancing, data centre in-a-box, and storage for virtual machines.
Since its formation in 1994, Networks Unlimited Africa has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.
Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defence solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organisation-wide engagement to active email threats. Our collective defence suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organisations in defence, energy, financial services, healthcare and manufacturing sectors that understand how changing user behaviour will improve security, aid incident response and reduce the risk of compromise. To learn more, visit https://cofense.com/.
Contacts for Networks Unlimited
Media Contact for Cofense™
Global Corporate Communications
- Hits: 871