Could you elaborate on the role of employee training and awareness in mitigating the risk of phishing attacks?
Technological protection is indispensable – but it is your people who make the real difference when it comes to risk mitigation.
Up to 25% of phishing emails bypass security filters. Attackers are using more sophisticated and subtle techniques – many now come with no URL, attachment or QR code, hampering automatic detection filters. They are also using different channels to get their content past email filters – we are seeing an increase in smishing, instant messaging and social media attacks. The pace of innovation in cybercrime is intense, and hackers are constantly proving that they can find new ways to infiltrate our systems despite technological defences.
That’s why it’s so important to invest in your people: with strong security instincts, they can respond to all these threats. A strong human layer can respond to ransomware infections, for example, but also to classic business email compromises or scams – and across business and personal domains. For example, we can teach people how to be more secure on social media, but an employer cannot technically secure social media profiles.
Therefore, employee training and awareness is essential. But it’s important to empower your employees to deal with this ever-changing threat landscape. It is not just about whether they click on phishing emails or not – it is also about whether they identify and report changing threats; whether they report when they have engaged in unsafe behaviour without feeling embarrassed to mitigate the damage; whether they see it as part of their responsibility to protect their organisation from digital threats – or whether they put all the pressure on (already overstretched) security teams.
For me, investing in the human layer of cybersecurity is a truly versatile and powerful part of your cybersecurity strategy. It should always be prioritised.
From a CIO’s perspective, what technological solutions or tools are effective in detecting and thwarting phishing attempts?
From a CIO’s perspective, several technological solutions and tools are effective in detecting and thwarting phishing attempts. Key tools include advanced email filtering, which scans and blocks suspicious emails before they reach users; antiphishing toolbars, which alert users to potential phishing sites; multi-factor authentication (MFA), which adds an extra layer of security to prevent unauthorised access; endpoint protection, which secures devices from malicious attacks; and email authentication protocols like DMARC, which help verify the legitimacy of email senders.
38 WWW.INTELLIGENTCISO.COM