PREDI C TI VE I NTEL L I GE NC E
Thwarting
phishing
attacks
with human intelligence
Phishing remains one of the biggest threats to
businesses and organisations, with innovative solutions
required to help keep attacks at bay. Alexandre Depret-
Bixio, Vice President of Sales – META, Cofense, explains
how the company is leveraging human intelligence as part of
its phishing defence – and why this works so well.
W
Why is phishing such a threat to
business, especially in triggering
data breaches?
Phishing is still the #1 cyberattack
vector. The statistics supporting this
claim vary but all lead to the same
conclusion – phishing is the biggest
spearpoint used in data breaches.
According to Verizon’s most recent
Data Breach Investigations Report, email
is used in 96% of socially engineered
attacks. What’s more, Verizon notes
that phishing and pretexting represent
93% of all socially engineered data
breaches. (Pretexting involves a false
narrative designed to trick the user.)
And Cloudmark reports that successful
phishing attacks on average cost mid-
sized companies US$1.6 million.
www.intelligentciso.com
|
Issue 06
Phishing emails deliver malware of
every type, including ransomware.
Phishing is also a handy way to carry
out social engineering. For example: an
email spoofing the head of HR asking
employees to click a link and log onto a
page to agree to a corporate policy. Or
an urgent message – again, spoofing
someone in the organisation, perhaps
even the CEO – sent to an employee
in finance and requesting a quick wire
transfer. The latter is a classic case
of business email compromise (BEC),
which the FBI estimates will cause over
US$9 billion in losses in 2018 alone.
In short, there is no easier way for
fraudsters and threat actors to target
your organisation than with phishing
emails. It costs the phisher little – he
doesn’t need a gun to rob you.
What is the Cofense approach to
phishing defence and how does it
leverage human intelligence?
Our name says it all. Cofense
(formerly PhishMe) believes that only a
collaborative defence can stop phishing
in its tracks – as soon as attacks hit
and before they do grave damage. Our
approach begins with human intelligence
and relies on it throughout.
Cofense PhishMe, our security
awareness and phishing simulation
solution, conditions employees to
recognise suspicious emails and report
them with one click using Cofense
Reporter. By sending simulated phishing
emails – especially scenarios based on
real attacks – organisations not only
educate the people who are the targets
33