Fixing Phishing Issue

Tuesday, July 3, 2018 @ 03:07 PM gHale

Phishing emails continue to cause heartburn for end users, but there are solutions found in this video.

Organizations worldwide stand to lose an estimated $9 billion this year to employees clicking on phishing emails.

There are new phishing attacks appearing on a regular basis. The reason why attackers use them is pretty simple: They work.

With that knowledge, why do so many people continue to click? Researchers at the National Institute of Standards and Technology (NIST) uncovered one reason, and the findings could help CIOs mount a better defense.

The findings show that context plays a critical role in why users click or don’t click on a phishing email. The more the context of the message seems relevant to a person’s life or job responsibilities, the harder it is for them to recognize it as a phishing attack.

Organizations can improve their defense strategies by considering the team’s broader findings, which are based on more than four years of data gathered by the NIST team in a real-world work environment. By studying not just which deceptive emails led some employees to click, but the reasons why they clicked, the team found that employees are more likely to click on links and attachments when the premise of the email matches their work responsibilities. These email users were concerned about failing to be responsive to their job duties. 

Punishing — or even firing — such conscientious employees who fall for scams is not the best approach.

Instead, CIOs should try to build an organization of engaged users. If an organization looks more closely at its own data on click rates and reporting rates, it can use this information to improve both human user training and the electronic filters that attempt to identify phishing emails.
