Have you ever wondered what happens after a phish gets reported? Does it simply fall into a blackhole? That’s what PhishLabs set out to answer during this month’s webinar.
As you are likely aware, 95 percent of data breaches, an event that occurs on a daily basis, are the direct result of phishing attacks. For as old as phishing is, it continues to be a cyber security threat because it continues to be effective and technology alone can’t combat email attacks. This is not to mention the rise in other phishing attempts through the likes of social media, messengers, and even gaming systems.
During the webinar our Founder and CTO, John LaCour, was joined by our VP of Marketing, Stacy Shelley, to provide an alternative solution to dealing with emails reported by employees. What we kept hearing from professionals in the industry was that enterprises are training employees (which is great) but due to bandwidth constraints, competing priorities, or lack of technical knowledge on how to address what is reported, it was rare that action was taken on reported emails. If nothing happens post report, is there really value in the training? At the end of the day, it’s about results. What are the results of your training program? Is your organization more secure? Are you taking advantage of the human layer of defense? These are the challenges our experts discuss in the webinar.
“If you look across many of the major trends in the cyber security world in the last few years, things like ransomware, nation-state, espionage, wire-transfer scams, business email compromises, if you peel those threats back just a little bit, you start to see why phishing is such a big deal,” said Shelley. “That’s because it’s a fundamental part of the attack kill-chain. It’s how social engineering happens, it’s how most malware is delivered to end-points in corporate environments, it’s also how most credentials are stolen.”
And peel it back we did. Leading up to and during the webinar we asked our audience what happens to suspicious emails after their employees submit them.
What Happens to Reported Emails?
The results are in, and they are certainly interesting! During the webinar much of the audience was well versed from a professional level; however, when we asked the same question on Twitter it mirrored much of what we expected. Professionals such as yourself typically, but not always, analyze reported suspicious emails, but general users commonly have no idea what happens next.
According to polled Twitter users, 45 percent don’t know what happens after submitting a suspicious email, 19 percent say their IT team analyzes it when they can, 18 percent say that their IT team analyzes it immediately, and a staggering 18 percent of users don’t report them at all. The results shouldn’t surprise anyone, and in some cases, it could be an identifier that additional training may be useful as well.
While many users are not sure what happens when they report a suspicious email, our webinar audience helped connect the dots. In some cases, the suspicious emails are analyzed immediately or when they can find time to do so, or it may fall into a black hole since there is no monitoring system in place. Without an analysis there is no mitigation, and that could pose a significant security risk for your organization.
Are employees good at spotting phish?
You may be surprised at how well your employees are able to spot a phish after some rudimentary training. Regardless of how advanced technology becomes, phishing attacks are constantly becoming more intelligent and harder to spot, which means a well-trained employee is your best defense. In a recent analysis of user-reported emails from our clients, a staggering 43 percent consisted of actual phishing attacks. To further break it down, an additional 21 percent were 419 scams, nine percent contained a payload link, and eight percent contained ransomware.
What happens when employees at your company report a suspicious email? If the answer is that you don’t know or nothing, we suggest watching the full webinar to see how some of your peers are tackling the next stages of the process.
This is a Security Bloggers Network syndicated blog post authored by Elliot Volkman. Read the original post at: The PhishLabs Blog