Email phishing is a top threat to organizations because it works so well, according to Neil Wynne, principal and analyst for secure business enablement at Gartner. Wynne told Stephanie Kanowitz at GCN that phishing is an easy and effective way for attackers to gain access to a network. These attacks are growing increasingly sophisticated as criminals adapt to security technologies designed to block them.
While the term “phishing” encompasses a wide range of social engineering techniques, it’s most commonly associated with email. Email phishing is one of the most prevalent and well-known types of social engineering, largely due to flaws in the underlying protocol of email itself. The Simple Mail Transfer Protocol was designed over thirty years ago and didn’t include mechanisms to authenticate senders. Some important security protocols have been developed to address this issue, but they aren’t universally implemented and they aren’t foolproof. Technical defenses should be used in combination with employee education and training to ensure that every surface is covered.
“Technology can be used to help prevent users from being exposed to these attacks to begin with, but this will never be 100% effective,” says Wynne. “The human brain can be trained to detect malicious intent better than even the most advanced machine learning model. Of course, education isn’t foolproof either and some attacks are so well crafted that they are not only able to bypass advanced technical controls but can even trick the most well-educated users.”
While there’s no all-encompassing solution to prevent phishing attacks, new-school security awareness training is one of the best tools that organizations can use to defend themselves against this constantly evolving threat.
GCN has the story: https://gcn.com/articles/2018/12/17/why-phishing-persists.aspx
Find out how affordable new-school security awareness training is for your organization. Get a quote now.
Based Blockchain Network