Making the move from the typical security awareness training approach to a powerful anti-phishing program isn’t an easy sell.
During our webinar focused on the Qadars Banking Trojan, there was a great deal of analysis provided on just how evasive the threat is. This begs the question: how does your team handle malware analysis?
It’s that time of year again.
A day of romance, crowded restaurants, overblown gestures of love, and…
Well. You get the idea.
For those of us in the security world there’s another, less enjoyable component to Valentine’s Day. Yes, even less enjoyable than trying to share a romantic meal while sitting less than a foot away from four other couples.
Yes, I’m talking about holiday-themed phishing scams. We’ve written about this precise topic many times before (including last Valentine’s Day) but so far we’ve never tackled the specific scams that surround this romance-centric annual event.
So before you send those Dutch-courage-fueled love notes, just take a moment to consider…
Frustrating, isn’t it?
You design a powerful anti-phishing program, secure funding from your executive board, provide world-class training. You do everything right…
Oh, your users are probably spotting phishing emails. After all, they’ve engaged with the training, and seem to be taking it seriously.
But no matter how many times you remind them, they just won’t report those phishing emails.
You wake up, wipe the sleep away from your eyes, and among the first things you do is reach over and grab your phone. Your work day hasn’t officially begun, but you’re already looking through your emails. The night before? A similar process, but in reverse. According to a Good Technology survey, 68 percent of professionals check their work email before 8 am and another 50 percent check it while in bed. It doesn’t end there though, as 38 percent commonly break from the dinner table to look through their work emails, too.
In most organizations, a user who can identify and delete phishing emails is considered a huge asset.
And, let’s be honest, they’re certainly a big step in the right direction. Users who can't spot a simple phishing email can easily jeopardize the security of an entire organization, even with a comprehensive set of technical security controls in place.
But in our eyes, there’s still a long way for these users to go. Deleted phish are better than clicked phish, but they shouldn’t be the end goal.
When your employees and team report suspicious emails, it’s an indicator that the security awareness training in place is having a positive effect.
Regardless of whether the email is spam or legitimate, just a single thwarted attack can make the difference between a slight headache and irreparable financial damage. However, this process is a two-way street, and timely analysis of the reported email is important for several reasons, especially for risk mitigation and improving training effectiveness.
To drive home how important the timely analysis of reported emails is, we spoke to our Founder and CTO, John LaCour.
Training users to identify and report phishing emails is far from an overnight fix.
It takes time, persistence, and engagement to make a meaningful impact on user email behaviors.
But you already knew that, didn’t you? In fact, you probably already have a program in place to help users identify potentially malicious emails.
Next week we are publishing the latest white paper from our R.A.I.D. (Research, Analysis, and Intelligence Division) team that focuses on a particularly evasive threat, the Qadars Banking Trojan.
You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.