Intelligent CISO Issue 10 | Page 35

 PREDI C TI VE I NTEL L I GE NC E Until human nature changes (don’t hold your breath) phishing attacks that target unwary people will be a headache. Operational Risk Consultant. “At the end of the day, if we have a breach it’s probably going to have stemmed from some sort of phishing attack. “When our regulators or clients are asking us, ‘What did you do to prevent this?’ it’s important to feel confident that we have an anti-phishing program in place.” | Issue 10 She noted that inbox behaviour is ‘easily measurable’. It’s not hard to sustain a phishing defence program because the metrics are simple to gather and use to demonstrate success. In fact, automation makes it even easier, allowing program managers to schedule a year’s worth of simulations in a matter of minutes. Other automated systems enable SOC teams to filter and analyse reported emails quickly, plus remove them from users’ inboxes when verified as threats. Those are smart uses of technology. After all, machines are great at saving time and handling repetitive tasks, saving human brains and intuition for critical decision- making. But if you’re placing all your bets on tech and neglecting the human factor, it’s going to be a long, and very phishy, year. u 35