Intelligent CISO Issue 76 | Page 37

Feature

Andrew Rose, CSO at SoSafe, discusses the proactive measures IT leaders can take to prevent phishing attacks on their organisations.

Andrew Rose, CSO at SoSafe

What proactive measures do you recommend for CIOs to prevent phishing attacks on their organisations?

Phishing is still among the top cyberthreats faced by businesses. SoSafe's Human Risk Review 2023 tells us that 61% of security professionals admit that their company has been a target via email – and I think most feel that's a low estimate of the reality.

And these attacks are no longer simple lures. Criminals use psychological tactics to draw in victims, influence their behaviour and create unwitting accomplices.

These sophisticated phishing tactics are designed to circumvent technical protection measures, taking advantage of the human factor through emotional manipulation and social engineering. While strong technical security measures are essential, they are no longer enough. Your users have become your primary attack surface, so leaving them unprotected is unthinkable. Security leaders need to step up and manage human risk holistically – but they need solutions that help them to proactively identify, quantify, manage and reduce human risks.

Security awareness training and human risk management, based on behavioural science principles, is therefore critical. Training of this kind goes beyond transferring knowledge and instead considers human behaviour in its entirety, including motivational factors, attitudes, context, emotional responses and even cultural influences. It focuses on changing behaviour through positive reinforcement and personalised learning. Multichannel approaches can also help employees learn through gamification, microlearning, continuous and spaced repetition and storytelling, boosting user engagement and ultimately instilling real behavioural change.

At the same time, security leaders should quantify behaviours and derive an insightful human security or risk score, making it easy to track risk and progress and to decide on necessary interventions, both automated and manual, so as to support their proactive security strategy. The ultimate goal is not just to tick a compliance box, but to help guide employees to consistently embrace secure behaviour as part of a broader security culture.