Anti-Phishing Training vs. Software: Does Security Awareness Training Work?

Due to the increasing advances in today’s technology, endpoint protection, and security software solutions are becoming even better at protecting your data. However, while this software is becoming more efficient, so are cyber attacker’s methods and abilities to phish for your data.

Phishing occurs when a fraudulent email or other mediums such as social media and phone calls that mimic that of a reputable company is distributed to individuals to unveil personal information such as credit card credentials and passwords. It is amongst the most prevalent security threats that companies must contain to keep their data secure.

It has been reported that hackers send over 156 million phishing emails every day, and that doesn’t consider other methods that are growing more popular with the widespread use of social media and smartphones further develop. Over the last eight years, 90% of hackers that were successful in data breaches were the result of spear phishing campaigns that targeted an unaware employee. 30% of phishing emails that contain malicious links are opened, and only 3% are reported to management.

How do you know if your company is a target of a phishing attack? Industries that are primarily in the crosshairs are Financial, Government, Healthcare, and Retail domains. More generally, it’s the employees within the business that decide who falls victim to these deceitful practices. They almost always come into play when a person discloses their identity or login credentials. Anyone from the CEO to an entry-level worker could have the information required to complete an attack successfully. Phishing for information through people within a company is often much easier for the cyber attacker than attempting to hack into a system to acquire desired information.

An IT professional should be informed of the top data loss prevention tools to protect their place of work (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Mahwish Khan. Read the original post at: