The PhishLabs Blog

Jenny Dowd

How to Identify and Block Ransomware

Posted by Jenny Dowd on Apr 13, '17

In the last post, we took an in-depth look at how ransomware changed during 2016, and what we expect to see happen in the coming year.

The post, which was based on a recent webinar, was pretty long and in-depth, so if you'd like some context, you might want to go back and read it before continuing, or feel free to watch the on-demand webinar.

In this post we’re going to run through the most important part of the webinar: what you can do to secure your organization against ransomware.

Read More

Topics: Phishing, Ransomware, Phishing Trends and Intelligence Report

The Ransomware Explosion: Lessons Learned in 2016

Posted by Jenny Dowd on Apr 7, '17

In 2016, a year when cybercrime soared to previously undiscovered heights, ransomware was one of the top worries for organizations of all sizes.

And for good reason.

Compared to other malware, ransomware has a very high infection rate, and whether or not organizations opt to pay ransom demands, it can cause significant disruption to business processes. Even worse, many so-called “copycat” ransomware families have turned out to be far more destructive than intended, and as a result many files can't be recovered even if payment is made.

Read More

Topics: Ransomware

Security Awareness Training: A Recipe for Success

Posted by Jenny Dowd on Jan 4, '17

In recent months we’ve written a lot about security awareness and phishing awareness training. It’s an involved topic, clearly, and if you’ve taken away anything we hope it will be this:

If you want real, measurable improvements you must test your employees. And when it comes to email security, that means phishing your employees on a regular basis.

In this post, we’ll take a deep dive into a managed phishing awareness training program, and examine the ins and outs of effective security awareness training. From planning to post-game analysis, here are the best practices for managing your program.


Read More

Topics: EDT

How to Calculate ROI for Security Awareness Training

Posted by Jenny Dowd on Nov 22, '16

Frustrating, isn’t it?

You put all that effort into designing a security awareness training program… 

But is it helping keep your organization safe? Or is it just satisfying your compliance requirements?

The truth is you have no idea. After all, how can you measure return on investment (ROI) for something intangible like security awareness training?

Read More

Topics: Phishing, Spear Phishing, security awareness training

How and Why You Should Calculate Your Organization's Cost of Phishing

Posted by Jenny Dowd on Nov 15, '16

Everybody knows phishing is costly to their organization. 

But how costly? Few organizations know for sure.

Plenty of studies have claimed to calculate the cost of phishing, but the results are usually hard to swallow. For instance, does phishing cost your organization $1.6 million per incident? Or $3.7 million per year?

Perhaps... but probably not.

The issue with these figures is that they're averages, heavily skewed by data from huge organizations. The results may be interesting, but they're of little use to most organizations.

Read More

Topics: Phishing, Spear Phishing, security awareness training, cost of phishing

Why Your Security Awareness Training Isn't up to Par (And What to Do About It)

Posted by Jenny Dowd on Nov 10, '16

Most security awareness training is boring, infrequent, and ineffective. And the worst part is… everybody knows it.

But why? How did we get to this point? And who does all this sub-par security awareness training benefit?

To answer these questions we’ll need to examine one of the main drivers: Compliance.

Read More

Topics: Phishing, Spear Phishing, security awareness training

Do We Overlook the Best Line of Defense Against Cyber Attacks?

Posted by Jenny Dowd on Oct 25, '16

Cyber Security Awareness Month presents us with the opportunity to catch up on security trends, gauge our security posture, and assess what gaps and exposure may exist.  Do we have blind spots? Or are we overlooking assets readily available to us?

We all know spam filters do not catch 100% of spam, and 1.5% of spam contains malicious links. So when you have one in five employees clicking on phishing emails, you are at risk.  This is not news, right? We all know there is no magic bullet for cyber security, and the best that we can hope for is a strong defense.

When planning the best defense, we often overlook that the best defensive line is right in front of our faces – our employees.  We often think of them as our liability because no matter how many technology controls we put in place, we know statistically that 1 in 5 of them is going to click on a phish.  This week's #CyberAware focus will highlight how, with proper training – and we’ll talk about what ‘proper’ is – you can condition your employees to not just avoid falling for phishing emails, but to actively report phishing attacks to your security team. You can make your employees part of your defense.

Read More

Topics: security awareness training, Cyber Security Awareness Month

So You've Been Infected with Ransomware...

Posted by Jenny Dowd on Aug 18, '16

That awful moment…

You’re working away, getting tasks ticked off left and right… 

And then it happens. A terrible sinking feeling grips your stomach, and you know immediately what’s happened.

You’ve been infected with ransomware. The screen in front of you is filled with demands about Bitcoins, Tor, and encryption keys.

So what now?

You’ll have to tell your boss, of course. But once that’s done, there are some important tasks for you to complete.

Read More

Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing

How to Defend Against Ransomware: The Three Stages

Posted by Jenny Dowd on Aug 9, '16

So far in this series we’ve covered the anatomy of a typical ransomware attack, and looked at some of the most common ransomware families.

And that’s useful information to have, but it doesn’t answer the important question: 

How do I keep my organization safe?

So in this article we’ll go through some of the security measures you can take to minimize the likelihood of falling prey to a ransomware attack.

The most important thing to realize is that there’s no magic bullet. There’s no single approach, product, or vendor that can guarantee your complete safety from ransomware… or any other form of cyber attack, for that matter. (If you hear one tell you that, run away fast!)

Instead, there are three stages of defending against ransomware that you and your partners can use to make a ransomware infection far less likely.

Read More

Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing

A Spotter's Guide to Ransomware

Posted by Jenny Dowd on Aug 3, '16

Ransomware is becoming an epidemic. 

From schools and hospitals to police departments, pharmaceutical companies, and even private citizens, it seems like nobody is safe.

And, of course, they aren’t.

So with that being the case, let’s take a look at the different types of ransomware, the most prominent families of 2016, and what’s driving so many threat actors to use this particular style of cybercrime.

Read More

Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing, Bitcoin

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
