The PhishLabs Blog

How Have You Gained Buy-in for Your Security Awareness Program?

Posted by Maria O'Dwyer on Oct 26, '16

Gaining the buy-in from executive leadership and employees within your organization to conduct phishing as a form of security awareness training can often be a daunting task. Proper training programs are extremely effective in conditioning employees to identify threats, yet security teams we speak with are often met with a lot of resistance. Employees feel that the simulations are deceitful and used to point fingers.  

If you are faced with these objections, read our post on Hitting Back at the Security Awareness Training Naysayers for why high quality security awareness training is far from a waste of time and money, and how it truly enhances the knowledge and behavior of your users

Read More

Topics: security awareness training, Cyber Security Awareness Month

Do We Overlook the Best Line of Defense Against Cyber Attacks?

Posted by Jenny Dowd on Oct 25, '16

Cyber Security Awareness Month presents us with the opportunity to catch up on security trends, gauge our security posture, and assess what gaps and exposure may exist.  Do we have blind spots? Or are we overlooking assets readily available to us?

We all know spam filters do not catch 100% of spam, and 1.5% of spam contains malicious links. So when you have one in five employees clicking on phishing emails, you are at risk.  This is not news, right? We all know there is no magic bullet for cyber security, and the best that we can hope for is a strong defense.

When planning the best defense, we often overlook that the best defensive line is right in front of our faces – our employees.  We often think of them as our liability because no matter how many technology controls we put in place, we know statistically that 1 in 5 of them is going to click on a phish.  This week's #CyberAware focus will highlight how, with proper training – and we’ll talk about what ‘proper’ is – you can condition your employees to not just avoid falling for phishing emails, but to actively report phishing attacks to your security team. You can make your employees part of your defense.

Read More

Topics: security awareness training, Cyber Security Awareness Month

Ransomware Reload & Definitive Resource Guide

Posted by Lindsey Havens on Oct 21, '16

If you have been following our Cyber Security Awareness Month series,  we applaud you for taking steps to become #CyberAware. We want you to be in best position to keep your organization safe and prevent the next attack. 

If you're just joining us, no worries! We will walk you through the actions you should be taking to prevent attacks like ransomware from gaining a footholinside your network. 

How to Defend Against Ransomware.jpgAround 1.5 percent of spam emails contain malicious attachments or URLs, along with content designed to manipulate people into opening them. This technique, known as phishing, has become an overwhelming favorite of threat actors in the past few years, primarily because it’s a cheap, effective, and a fast way to compromise targeted networks. Phishing has been far and away the most popular delivery method for ransomware, and the continued evolution of text-based social engineering attacks has been a significant factor in the rise of ransomware.What should we do about it? For starters, we must stop being easy targets. Education is the key. Here you will find a comprehensive list of resources for fighting back. Let's get started! 

Read More

Topics: Ransomware, Cyber Security Awareness Month

Pay Up: The 2016 Definitive Guide to Ransomware

Posted by Lindsey Havens on Oct 19, '16

Right now most organizations are completely unready to cope with ransomware, both from security and recovery standpoints. In many cases, even basic security protocols such as consistent vulnerability management are lackluster or missing entirely, and threat actors are making millions of dollars every year as a result. 

That’s why, as part of our   Cyber Security Awareness Month series,  we are helping you take action by sharing our best resources on ransomware. 

In an effort to fight back together against cyberattacks, download this free copy of our Ransomware Whitepaper where we explore the growing threat of ransomware, and what you can do to keep your organization secure. We will walk you through the actions you should be taking to prevent ransomware from gaining a foothold inside your network, and how to make your security program the best it can be. 

Read More

Topics: Ransomware, Cyber Security Awareness Month

#CyberAware: Spotlight on Ransomware

Posted by Lindsey Havens on Oct 18, '16

We field a lot of questions about ransomware, but there’s one in particular that comes up time and time again. “Are we at risk from ransomware?” It’s not a difficult question to answer. Yes, you’re at risk… Everybody is at risk. 

You see, there are plenty of ways for threat actors to spread ransomware. They create fake online advertisements and pop-ups, exploit known vulnerabilities to gain access to corporate networks, and they even drop USB sticks loaded with ransomware in public places. They’re pulling out all the stops to infect your systems with ransomware, so yes, you need to be concerned.

Read More

Topics: Ransomware, Cyber Security Awareness Month

The Growing Business of Cybercrime as a Service

Posted by Lindsey Havens on Oct 14, '16

As part of our Cyber Security Awareness Month series, we have so far explored data breaches and Business Email Compromise (BEC). These topics and tactics roll up into a more global discussion about the growing economy of cybercrime. We reported in 2015 that, as competition continues to rise in the underground marketplace, illicit operations are evolving and expanding services to offer “Cybercrime-as-a-Service” (CaaS). Let's take this opportunity to look into this business model, which continues to strengthen and grow in scope as threat vectors evolve. 

Read More

Topics: Data Breach, Cybercrime-as-a-Service, BEC, Cyber Security Awareness Month

All Phish are Not Created Equal: The Evolving BEC Scam

Posted by Lindsey Havens on Oct 13, '16

To further our Cyber Security Awareness Month initiative in helping you be #CyberAware, we want to focus on a specific type of phishing tactic that has gained popularity in the last few years: Business Email Compromise, commonly referred to as "BEC."  As cybercriminals evolve their attack methodologies, they have learned from their mistakes and BEC is an unfortunate example of how they are circumventing technology defenses and exploiting organizations' greatest vulnerability: employees.  

Read More

Topics: BEC, business email compromise, Cyber Security Awareness Month

Cyber Security Awareness Month: Let's Fight Back Together

Posted by Lindsey Havens on Oct 6, '16

National Cyber Security Awareness Month, which is observed every October, is an opportunity for us as a nation to spotlight security issues that impact our daily lives. As proven by the exponential increase in data breaches, threat actors are finding their way past current security defenses. We need to fight back together if we are ever going to turn the tides on data breaches, phishing attacks, and other malicious online threats that cost organizations and individuals each year.

Read More

Topics: Phishing, Cyber Security Awareness Month, Security


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events


Posts by Topic

see all