Phishing continues to be a prevalent cybersecurity threat. Microsoft reported more than 156,000 attempts of business email compromise attacks per day in 2023, with a success rate of 42 per cent, in its Digital Defense Report 2023.
“Data breaches occur in various ways, but one of the primary causes is individuals clicking on malicious links,” says Mike Devine, chief marketing officer at security solution provider Fortra. “Security officers and IT teams struggle to engage their workforces in security awareness training but there are two strategies that businesses can employ to mitigate human-related risks.”
Fortra works with its customers to define security awareness programmes that aim to reduce their business risk levels. It provides courses on a variety of topics including eliminating unsafe behaviours of their workforce, reducing cyber risks and keeping sensitive information safe.
“A security awareness programme tends to be more successful if a senior leadership team has initiated or taken part in it,” says Devine. “When managers take the time to undergo simulation exercises it sends a clear message to the rest of the company that other people should do the same.
“Enterprises also commend their employees for demonstrating good security awareness. For example, if an employee receives a suspicious email from someone that appears to be a colleague, the security team should praise them for reporting it as suspicious. Similarly, if they fail to identify it as a scam, they should be informed, increasing the likelihood of them learning from their mistake. What’s noteworthy is that businesses begin to observe a decrease in mistakes and an increase in security awareness almost immediately after conducting phishing simulations.”
Fortra designs comprehensive anti-phishing strategies to educate employees on how to recognise phishing attempts.
“We design solutions that are both simple and comprehensive,” says Devine. “We are living in an exciting time in terms of what technology can do, from encrypting messages to scanning for vulnerabilities across multiple systems. If organisations put the right processes in place, they can really do a good job to prevent human-related cyberattacks.”
Security awareness training is applicable across all industries. Retailers, for example, need to stay vigilant all year round but especially during the holiday seasons.
“The Christmas period is a busy time of year for retailers and cybercriminals take advantage of that,” says Devine. “It’s important that they don’t let their guard down. Organisations are also vulnerable to attacks over the 4th of July weekend when a lot of IT staff are on leave celebrating. During these periods, it’s a great time for retailers to remind their staff and customers to watch out for those emails that contain malicious URLs or attachments.
“We are also seeing a lot of retailers worry about counterfeit products, so they are asking us to help monitor the web for bad actors that are posing as them and offering their products. It’s especially prevalent on social media where attackers disguise themselves as a particular retailer across TikTok or Instagram accounts. When this happens, it damages company reputations and impacts their revenue. We have the ability to monitor those kinds of behaviours to help retailers batten down the hatches.”
Meanwhile, the technology that makes it possible to access medical results online or healthcare appointments opens up a variety of risks.
“When individuals access personal data through cloud infrastructure, it creates the potential for data breaches at all those access points,” says Devine. “Hospitals need to continue to raise their security awareness through training and security solution implementation like firewalls and vulnerability scanning to help protect against cyberattacks and personal data breaches.”
Looking ahead to 2024, Fortra will continue to assist organisations with their risk-mitigation initiatives and strategies.
“Role-based training is an effective method to mitigate human-related risk because it involves simulating phishing emails tailored to different team members,” says Devine. “The simulation will create emails that are likely to generate a ‘click’ from receivers such as requests for branding approvals for marketing executives. At Fortra, we use machine learning and artificial intelligence-powered tools to analyse individuals and their behaviour to create tailored security training programmes.”
The firm also plans to continue developing third-party awareness solutions for their clients, to avoid the repercussions of cyberattacks on third parties.
“Organisations need to understand that they are only as strong as the weakest link in their supply chain,” says Devine. “A business that is doing great in managing its employees and increasing security awareness is still at risk of a cyberattack if it has one supplier that experiences an account or system compromise. Whatever ecosystem a firm is working with, they need to encourage best practices before connecting their systems with third parties to avoid being infiltrated through shared systems or networks.”
This article was originally published in the Winter 2023 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription.