The recent launch in South Africa of PhishMe, an end-to-end phishing mitigation solution, has shown how companies worldwide can make people their best defence against the malicious art of phishing.
The launch in the country of PhishMe Human Phishing Defence by Networks Unlimited, distributor of PhishMe solutions throughout Africa, follows in the wake of the mid-May global WannaCry ransomware cyber-attack, and showcases a new defence against phishing that has employee empowerment as a significant part of the cyber-security strategy.
This is according to Anton Jacobsz, MD of Networks Unlimited, who says: “In the wake of the WannaCry attack, phishing – which is the fraudulent practice of sending e-mails, supposedly from a trustworthy source, to entice individuals to reveal personal and account information such as usernames, passwords and credit card numbers in an ultimate attempt to steal or extort money – is no longer the sole domain of IT nerds. Phishing has suddenly become everyone’s problem, and the word is on everyone’s lips, together with the realisation that such an attack can happen anywhere and at any time.”
Jacobsz notes that employees have become a key area in the defence against cyberattacks, which is a fundamentally different approach to cyber-security from relying mainly on IT support and technology applications only.
Lawson, senior global vice president at PhishMe, agrees that we are living in challenging times and that the news of the WannaCry attack has reminded us all of the need to strengthen our cyber defences. Lawson highlights the example of a sample corporate group of employees, in which e-mail statistics from 2011 to 2015 were compared, showing that e-mail usage (received/ sent) had increased significantly in these four years.
“The study showed that e-mails received and sent had increased from 105 to 125 per day, with the result that in 2015, an average of 71 legitimate e-mails were received daily, 41 were sent and 13 were mentally discarded. Assumptions in the study included a background of two hours of daily meetings and a one-hour lunch-break per employee, with the net result showing that the individuals in the sample group were performing 33 e-mail-related tasks every hour.
“Against this high-density e-mail background, mental fatigue can set in and weakness can result, with the effect that people are simply not reading their e-mails all the time. This is where employees become vulnerable to phishing attacks because they simply have so many e-mails to process. We need to slow them down and train people to think differently about their e-mails, particularly unsolicited messages,” Lawson adds.
“The Harvard Business Review of May 2017 notes that, while artificial intelligence, machine learning and self-teaching algorithms may represent the latest trends in IT investments, we should remember that technology exists for, and is used by, people. The Review reminds us that, going forward, cybersecurity’s future does not lie in a single-pronged approach, or a ‘miracle tool’, but in solutions that recognise the importance of layering human readiness on top of technological defences. And this is exactly where PhishMe Human Phishing Defence comes in.”
Lawson says that with more than 90% of cyber-breaches attributed to phishing campaigns, organisations can turn their employees into the last line of defence after an email has bypassed the other security technology in place.
“With PhishMe, employees can be empowered as part of the solution to strengthen defences, and gather real-time intelligence to stop attacks in progress as well as play a role in gathering information to prevent future attacks. Technology alone can’t solve the problem. PhishMe therefore delivers a comprehensive human phishing defence platform, focused on empowering employees and enabling incident response teams to quickly analyse and respond to targeted phishing attacks.
The PhishMe steps are four-fold: firstly, enabling your employees to recognise a phish threat; secondly, giving them tools to report it; thirdly, having your company’s IT technicians then quickly respond to the threat, and, finally, having PhishMe technicians worldwide continue with ongoing research to gather information about potential threats in the future. In this way, we are making people part of the solution.”
The PhishMe offering works to condition employees to recognise and report threats using PhishMe SimulatorTM and PhishMe Reporter. PhishMe Simulator generates customised phishing attack scenarios to educate employees and help them to recognise potential threats through real-world phishing simulations to provide safe, hands-on experience and learning opportunities. Most employees only need to be caught out once to learn not to click on suspicious links in e-mails. PhishMe Reporter enables employees to report suspicious e-mails with a simple click. The user-generated reports are then forwarded to the company’s IT security teams for full analysis and response.
PhishMe Triage and PhishMe Intelligence strengthen an organisation’s ability to identify and respond to phishing attacks in progress. PhishMe Triage is a phishing incident response platform that enables fast collection and analysis of phishing threats to find real threats in real-time. PhishMe Intelligence uses PhishMe’s database of phishing specific threats and intelligence to enable security teams to identify, block and investigate ongoing and evolving threats.
Jacobsz concludes: “Because the PhishMe solution is proactive and educational, threats and potential threats are identified as they emerge daily, before your network gets hit. Bringing the human element into the cyber-security arena builds an awareness that cyber-threats are everyone’s potential problem – but also allows everyone to be a part of the solution.”