As phishing filters are far from perfect, can phishing ever really be prevented?
Today, with phishing attacks on the rise and the cyber threat landscape constantly evolving, most companies employ some form of technological phishing filter to help prevent phishing.
Such filters typically rely on machine learning to check and categorise incoming emails and, after doing so, prevent suspicious emails from making it into corporate inboxes.
Phishing filters are imperfect
Unfortunately, as Mimecast research shows, phishing filters are far from perfect. They might be able to counter dated and known phishing attacks. But consider the below real-world spear-phishing email sent to a senior executive…
Assuming the above was sent as a one-off email, it’s largely indistinguishable from a genuine, considered email.
For the most part, phishing filters are powerless to prevent such attacks.
How else can companies prevent phishing?
Fortunately, information security officers have a second defence they can enlist to prevent phishing: their people.
Framing people as a defence might seem odd. In security, people are often seen as a vulnerability. But without question, alert and aware people detect and stop malicious phishing attacks from doing any damage on a daily basis.
Just as phishing filters categorise some emails as malicious, so too do people. The difference?
People have a larger range of criteria they can use when assessing emails. And, as people aren’t bound by arbitrary rules, people have the ability to err on the side of caution.
As more and more CISOs are beginning to suggest, properly empowered people can prevent cyber attacks – whether phishing or otherwise.
Empowering people to prevent phishing
How do you empower people to spot and report the phishing attacks phishing filters miss?
By changing not just security awareness, but security behaviours and security culture, too.
CybSafe, for example, was built in collaboration with psychologists to change not just what people know about cyber security, but what people think and feel about cyber security and how they respond when confronted with cyber threats.
The intelligent platform systematically measures security awareness, security behaviours and security culture, intervening to improve each in turn. In doing so, it transforms people from a so-called ‘weakness’ to another layer of defence, demonstrably reducing cyber risk in all areas – phishing included.
Can phishing be prevented? The short answer is yes.
The longer answer is yes – through a multifaceted security strategy that enlists a defence most companies overlook.