Security Awareness


How Phishing Has Changed Security Awareness and Why Everyone is Scrambling for a Solution…Plus, What You Can Do to Stop It

The majority of data breaches begin as phishing attacks. Yet roughly half of all organizations feel unprepared for phishing, largely because the targets are people busy doing their jobs. If they lack rigorous training, your employees won’t think twice about biting on an email claiming they have a package and, how convenient, “Click here for details.”

For hackers, phishing is easy. And profitable.

The average phishing attack costs a mid-sized company $1.6 million. No wonder the Anti-Phishing Working Group reports that the number of phishing attacks shot up 65% worldwide last year. For many years, organizations have invested in technology to keep them safe from malicious emails. Yet ransomware, CEO fraud/business email compromise (BEC) and breaches stemming from phishing emails inflict a heavy toll. According to the FBI, BEC alone cost businesses worldwide over $5 billion from 2013 to 2016.

Again, phishing skirts technology by targeting human beings. That’s why it’s critical to educate employees to recognize and report all types of phishing attacks. Read below for five ways to turn your employees into human sensors.

5 Ways to Turn Employees into Human Sensors

1. Identify the types of attacks that would hurt your business most.

This is risk management 101. If ransomware is your biggest concern—say, your access to patients’ medical files or customer bank accounts will be blocked—focus on what you can do to prevent a ransomware attack. One proven way is to…

2. Train your employees to recognize phishing emails.

Since most security breaches begin with phishing, it makes sense to condition users to know phishing when they see it. “See something, say something” indeed.

3. Simulate phishing attacks to condition employees to stay alert.

Practice makes better, if not perfect. The only way your last line of defense—the employees that attackers target—will hold up against clever ruses is to practice looking for those ruses in their inboxes.

4. Give your users an easy way to report suspicious emails.

Arm employees with a one-step process for alerting your IT team to potentially malicious emails. For instance, add a reporting button to employees’ email toolbars. This alerts your team to potential phishing attacks in real time and helps keep your users engaged. It’s a simple tool they can wield as deputized members of your security team.

5. Last but not least, use free stuff.

Two freebies you should try: Cofense CBFree™, a set of computer-based security training modules, and, if you work for a small business, PhishMe Free™, a simulation tool for businesses with up to 500 employees. With PhishMe Free™, you can launch your anti-phishing program at no cost or supplement current efforts.

Why Cofense for Security Awareness?

If you need anti-phishing training, you’re in the right place. After all, Cofense invented the industry.

  • We were the first to provide phishing-simulation training to businesses
  • 27 million end users
  • 160 countries active
  • 2,000+ organizations
  • Trusted by Fortune 1000 companies to SMBs, government agencies, non-profits, and more

In 2017, for the second year in a row, we were named a Gartner Magic Quadrant Leader in Security Awareness Computer-Based Training. Among our many other honors: a Global Excellence Award from InfoSecurity Products Guide 2017.

“It’s the difference between saying something and building a culture around something. Because of our partnership with Cofense, I now have employees who are much more skilled at identifying phishing emails.”

VP & Global CISO, Energy Utility

Try a FREE Demo. Discover how Cofense can help significantly decrease your risk of being phished.

Sign up for a live 1:1 demonstration of our security awareness solutions.