In recent years, hackers have been moving away from trying to break through holes in an organization’s network perimeter. Since digital defenses have gotten so strong, cybercriminals have correctly identified that internal users of a system are still largely unprotected. What’s more, they’re human — and prone to making fatal mistakes due to overconfidence, lack of knowledge or other factors.
According to Intermedia’s 2017 research, 21% of employees reported falling victim to email phishing attacks. Compare that with the 86% who, in the same research, stated that they were confident they could detect phishing emails, and you’ll see where part of the issue is. Nowadays, it’s not a stretch to say your employees are your biggest cybersecurity threat, and here’s why:
Usage of Insecure Devices and Networks
With the number of devices employees use, strict Bring Your Own Device (BYOD) policies need to be put in place to reduce the risk of malicious attacks. Using insecure BYOD devices when working in public spaces poses a significant threat, as it exposes the device to possible infiltration. The same goes for using public WiFi networks to access corporate information. The data could easily be intercepted or monitored through public systems, and some of them might even be hacker-created hotspots.
Truth be told, security systems are much stronger today in fighting traditional data breaches. In cases where these systems are breached, the cause often points to human error, most often a simple case of not applying patches when needed. But 95 percent of all cyber attacks are not caused by security vulnerabilities or poor patch management. They are the result of phishing.
Falling Prey to Phishing Attacks
Through educating employees, many of the device-related risks can be reduced or eliminated. However, phishing attacks remain a much larger danger. Once a phishing email ends up in your employee’s inbox, there’s no defense other than them carefully verifying the sender and avoiding any potentially harmful behavior in the meantime. However, many employees fail to take those steps.
Especially when the phishing email is allegedly from the boss or someone higher up in the organization, the odds of employees falling prey to social engineering grow. Most employees will click on a suspicious link or send sensitive information to someone they believe is from their organization.
In this case, education can yield some results. As the scams are becoming more sophisticated, it’s better to stop them quickly. You’ll accomplish this by using preemptive anti-phishing solutions that stop phishing attacks from even entering your network. That way you won’t have to worry about whether your employees will encounter phishing attacks at all. The risk of them compromising your organization’s sensitive data will be reduced to an all-time minimum.
At Area 1 Security, we are dedicated to stopping phish with our comprehensive anti-phishing solution, Area 1 Horizon. It protects your organization across all traffic vectors, and, best of all — you’ll only be paying for phish we catch. We guarantee you’ll be happy with it, and most importantly, your organization will be safe.