Technology Record - Issue 31: Winter 2023

IN FOCUS: MISA

Fight phishing with a simulation solution

Fortra is helping organisations to adopt preventive security measures, says Mike Devine

BY ALICE CHAMBERS

Phishing continues to be a prevalent cybersecurity threat. Microsoft reported more than 156,000 attempts of business email compromise attacks per day in 2023, with a success rate of 42 per cent, in its Digital Defense Report 2023.

“Data breaches occur in various ways, but one of the primary causes is individuals clicking on malicious links,” says Mike Devine, chief marketing officer at security solution provider Fortra. “Security officers and IT teams struggle to engage their workforces in security awareness training but there are two strategies that businesses can employ to mitigate human-related risks.”

Fortra works with its customers to define security awareness programmes that aim to reduce their business risk levels. It provides courses on a variety of topics including eliminating unsafe behaviours of their workforce, reducing cyber risks and keeping sensitive information safe.

“A security awareness programme tends to be more successful if a senior leadership team has initiated or taken part in it,” says Devine. “When managers take the time to undergo simulation exercises it sends a clear message to the rest of the company that other people should do the same.

“Enterprises also commend their employees for demonstrating good security awareness. For example, if an employee receives a suspicious email from someone that appears to be a colleague, the security team should praise them for reporting it as suspicious. Similarly, if they fail to identify it as a scam, they should be informed, increasing the likelihood of them learning from their mistake. What’s noteworthy is that businesses begin to observe a decrease in mistakes and an increase in security awareness almost immediately after conducting phishing simulations.”

Fortra designs comprehensive anti-phishing strategies to educate employees on how to recognise phishing attempts. “We design solutions that are both simple and comprehensive,” says Devine. “We are living in an exciting time in terms of what technology can do, from encrypting messages to scanning for vulnerabilities across multiple systems. If organisations put the right processes in place, they can really do a good job to prevent human-related cyberattacks.”

Security awareness training is applicable across all industries. Retailers, for example, need to stay vigilant all year round but especially during the holiday seasons. “The Christmas period is a busy time of year for retailers and cybercriminals take advantage of that,” says Devine. “It’s important that they don’t let their guard down. Organisations are also vulnerable to attacks over the 4th of July weekend when a lot of IT staff are on leave celebrating. During these periods, it’s a great time for retailers to remind their staff and customers to watch out for those emails that contain malicious URLs or attachments.

“We are also seeing a lot of retailers worry about counterfeit products, so they are asking