FEATURE
By illustrating how
cybercriminals
operate through
real-life phishing
simulations,
organisations can
change employee
behaviour and
manage end-user
risk to create a
culture of security.
per message, over twice as many
clicks as the next most clicked lure.
EMILE ABOU SALEH, REGIONAL
DIRECTOR, MIDDLE EAST AND
AFRICA FOR PROOFPOINT
industries. The financial services
industry has a relatively high average
attack index but fewer VAPs.
• 2018 saw impostor attacks at their
highest levels in the engineering,
automotive and education
industries, averaging more than
75 attacks per organisation.
This is likely due to supply chain
complexities associated with
the engineering and automotive
industries, and high-value targets and
user vulnerabilities, especially among
student populations, in the education
sector. In the first half of 2019, the
most highly targeted industries shifted
to financial services, manufacturing,
education, healthcare and retail.
• Attackers capitalise on human
insecurity. The most effective
phishing lures in 2018 were
dominated by ‘Brainfood’, a diet and
brain enhancement affiliate scam
that harvests credit cards. Brainfood
lures had click rates over 1.6 clicks
www.intelligentciso.com
|
Issue 19
Emile Abou Saleh, Regional Director,
Middle East and Africa for Proofpoint,
said: “As more than 90% of targeted
attacks start with email, it is paramount
that organisations have in place a robust
email security strategy through layered
defences at the network edge, two-factor
authentication, email gateway, in the
cloud and endpoint to provide the best
defence against these types of attacks,
most of which lack malware payloads.
is the best way to empower users to
understand how to protect theirs and
their organisation’s data, making end
users a strong last line of defence
against cyberattackers.
“Our security awareness training
and visibility ensures security teams
understand the potential risk that an
individual or group might fall for an
attack, in order to deliver customised
awareness training and reduce the
attack surface.
“By illustrating how cybercriminals operate
through real-life phishing simulations,
organisations can change employee
behaviour and manage end-user risk to
create a culture of security.” u
“Email attacks target specific people
within organisations, not all employees,
which aligns directly with Proofpoint’s
focus on people-centric security.
“Organisations need to know exactly
who is being targeted and why – so they
can tailor their prevention and protection
programmes accordingly.
“Furthermore, educating employees
about cybersecurity best practices
39