RSS feed Get our RSS feed

News by Topic

BizReport : Internet : June 05, 2017

Expert: Phishers no longer only looking at execs

People click. That's the takeaway from one expert who believes businesses need to become more vigilant at training all employees about phishing and other fraudulent attacks.

by Kristina Knight

Kristina: Which functions within an organization are most at-risk when it comes to phishing attacks?

Asaf Cidon, VP Content Security Servicess, Barracuda: Roughly 91% of attacks start with a targeted email breach. With the volume and sophistication of email breaches on the rise, almost every function within an organization should be on high alert. From administrative assistants to legal teams to engineering arms, each department interacts with valuable, personal, and proprietary information that can be leveraged for nefarious purposes. These attacks are very personal, highly researched and targeted, so even savvy web users can be fooled. Nevertheless, some departments and specific roles in organizations are typically at higher risk because they have information that is of high value or they control the flow of money in the company.

Kristina: Why aren't higher level employees more of a target?

Asaf: There is a misconception that CEOs and other C-level executives are the most attractive targets for phishing attacks. However, those individuals often receive security training and may be better suited to spot a phishing attack as it appears. Many of these criminal circles are run like businesses, which means efficiencies are critical. Attackers often look for employees who offer the path of least resistance. These employees often sit outside the C-suite.

Kristina: What can businesses do to protect lower-level employees from these cyber threats?

Asaf: As these attacks become more personalized, education is more important than ever. And this is true for all levels. At the very least, businesses must conduct general training about the risks associated with phishing or other social engineering scams. More sophisticated trainings will include simulated phishing attacks that not only help employees understand what's at stake, but also help them learn to spot an attack in real-time, which can make the difference between losing hundreds of thousands of dollars or catching an attack before it succeeds.

Regardless of the amount of training, eventually someone will inevitably click. That's why it's essential to have comprehensive email security tools in place necessary to defend against malicious attacks. An advanced email security solution should be able to block compromised attachments or links, and continuously monitor and protect email-borne attacks from both internal and external sources.

More from Asaf and Barracuda later this week, including which employees may be the most at risk for phishing attacks.

Tags: Barracuda, internet security, online security, phishing trends

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.