Phishing remains a common cybersecurity threat. In its Digital Defense Report 2023, Microsoft reported that more than 156,000 business email compromise attacks were attempted per day in 2023, with a success rate of 42 percent.
“Data breaches occur in a variety of ways, but one of the primary causes is individuals clicking on malicious links,” says Mike Devine, marketing manager at security solution provider Fortra. “Security officers and IT teams struggle to engage their workforces in security awareness training, but there are two strategies businesses can use to reduce human-related risks.”
Fortra works with its customers to define security awareness programs aimed at reducing business risk levels.
“A security awareness program tends to be more successful if it is initiated by, or involves, a senior leadership team,” Devine says. “When managers take the time to participate in simulation exercises, it sends a clear message to the rest of the company that other people should do the same.
“Businesses also praise their employees for demonstrating good security awareness. For example, if an employee receives a suspicious email from someone posing as a co-worker, the security team should praise them for reporting it as suspicious. Similarly, if they cannot detect that it is a scam, they need to be notified; thus, they are more likely to learn from their mistakes. What is notable is that businesses immediately began to observe a decrease in errors and an increase in security awareness after running phishing simulations.”
Fortra designs comprehensive anti-phishing strategies to educate employees on how to spot phishing attempts.
“We design solutions that are both simple and comprehensive,” Devine says. “We live in an exciting time for what technology can do, from encrypting messages to scanning for vulnerabilities across multiple systems. If organizations put the right processes in place, they can do a really good job of preventing human-caused cyber attacks.”
Security awareness training can be applied across all industries. For example, retailers need to be vigilant all year round, especially during the holiday seasons.
“The Christmas season is a busy time of year for retailers and cybercriminals are taking advantage of this,” says Devine. “It’s important they don’t let their guard down. Organizations are also vulnerable to attacks during the July 4th weekend, when many IT staff are off and celebrating. During these periods, it’s a good time for retailers to remind their employees and customers to watch out for emails containing malicious URLs or attachments.”
“We’re also seeing many retailers worry about counterfeit goods, so they’re asking us to help monitor the web for bad actors pretending to be them and offering their products. It’s especially common on social media, where attackers disguise themselves as a specific retailer on TikTok or Instagram accounts. When this happens, the company’s reputation is damaged and its revenues are affected. We have the ability to monitor this type of behavior to help retailers close the doors.”
Meanwhile, the technology that makes it possible to access medical results or healthcare appointments online comes with various risks.
“Individuals accessing personal data through cloud infrastructure creates the potential for data breaches at all of these access points,” Devine says. “Hospitals need to continue to increase their security awareness through the implementation of training and security solutions such as firewalls and vulnerability scanning to help protect against cyber attacks and personal data breaches.”
Looking ahead to 2024, Fortra will continue to assist organizations with risk mitigation initiatives and strategies.
“Role-based training is an effective method to reduce human-caused risk because it involves simulating phishing emails tailored to different team members,” says Devine. “The simulation will generate emails that are likely to generate ‘clicks’ from recipients, such as brand endorsement requests for marketing managers. At Fortra, we use machine learning and AI-powered tools to create custom security training programs by analyzing individuals and their behavior.”
The company also plans to continue developing third-party awareness solutions for its customers to prevent cyber attacks from being transmitted to third parties.
“Organizations need to understand that they are only as strong as the weakest link in their supply chain,” says Devine. “A business that is successful in managing its employees and increasing security awareness still faces the risk of a cyberattack if a supplier experiences an account or system security breach. Whatever system a firm is working with, they need to encourage best practices before connecting their systems with third parties to avoid being infiltrated through shared systems or networks.”