In any cybersecurity strategy, accounting for human error is essential. By some estimates, phishing attacks—in which a bad actor attempts to elicit personal information from a target using deception—account for roughly
Phishing scams often rely on urgency. The malicious message gives you a time-bound reason to log into a trusted platform, for example, “Log in to confirm your account within 24 hours or it will be deactivated.” Don’t let yourself be rushed. Reach the account through the platform’s own login page or a saved bookmark, never through the link in the message; a legitimate deadline will still be there when you arrive that way.
Many phishing attacks use hierarchical leverage, with the attacker impersonating someone in a higher position in the organization than the recipient. It is a highly effective way for a threat actor to elicit quick, near-automatic responses from employees.

The biggest red flag for any employee should be contact from an email address that has never been used to reach them before. Regardless of the type of phishing attack, ask everyone to check that the display name and the actual email address match what they already know for that person, since a familiar name on an unfamiliar address is the classic impersonation pattern. Back this up with internal phishing simulations of your own to measure whether the habit sticks.
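A minimal version of the checks described above, as an added Python example that is not from the original article: it parses a message’s From header, flags addresses that have never contacted the recipient, and flags a known display name arriving from an address that person does not normally use. It also picks up the urgency wording from the previous paragraph. The sender directory, contact history and sample messages are constructed for the example, and the Reply-To check goes beyond the article’s advice; it is a common companion heuristic for the same impersonation pattern.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed directory for the example: display names the organization knows
# and the addresses each legitimately sends from (hypothetical data).
KNOWN_SENDERS = {
    "jane doe": {"jane.doe@example.com"},
    "it helpdesk": {"helpdesk@example.com"},
}

# Constructed history: addresses that have previously mailed this recipient.
# A real deployment would derive this from mailbox or gateway logs.
PREVIOUS_CONTACTS = {
    "jane.doe@example.com",
    "helpdesk@example.com",
    "billing@partner.example",
}

# Crude urgency cues of the "log in within 24 hours" kind. A keyword list is
# only a hint; the sender checks below are the stronger signal.
URGENCY_PATTERNS = [
    r"\bwithin \d+ (?:hours?|minutes?)\b",
    r"\bdeactivat",
    r"\bsuspend",
    r"\burgent\b",
    r"\bimmediately\b",
]


def normalize_name(name: str) -> str:
    """Lower-case a display name and strip punctuation and extra whitespace
    so 'Jane  Doe.' and 'Jane Doe' compare equal against the directory."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())


def check_message(raw: str) -> list[tuple[str, str]]:
    """Return (category, detail) findings for one RFC 5322 message.
    An empty list means none of the heuristics fired."""
    msg = message_from_string(raw, policy=default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_addr = from_addr.lower()
    reply_addr = reply_addr.lower()
    name = normalize_name(from_name)
    findings = []

    # 1. First contact: the address has never mailed this recipient before.
    if from_addr not in PREVIOUS_CONTACTS:
        findings.append(("first-contact", f"{from_addr} has not mailed this recipient before"))

    # 2. Name/address mismatch: a known display name arriving from an address
    #    that name does not normally use (classic executive impersonation).
    if name in KNOWN_SENDERS and from_addr not in KNOWN_SENDERS[name]:
        expected = ", ".join(sorted(KNOWN_SENDERS[name]))
        findings.append(("name-mismatch", f"'{from_name}' normally sends from {expected}, not {from_addr}"))

    # 3. Reply-To pointing elsewhere: replies would go to an address the
    #    recipient never saw. (Not in the article; a common companion check.)
    if reply_addr and reply_addr != from_addr:
        findings.append(("reply-to-mismatch", f"replies would go to {reply_addr}"))

    # 4. Urgency language in subject or body (single-part messages only here).
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    hits = [p for p in URGENCY_PATTERNS if re.search(p, text)]
    if hits:
        findings.append(("urgency", f"matched {len(hits)} urgency pattern(s)"))

    return findings


# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: Jane Doe <jane.doe@outlook-mail.example>
Reply-To: accounts@outlook-mail.example
To: employee@example.com
Subject: Urgent: confirm your account within 24 hours

Your account will be deactivated unless you log in within 24 hours.
"""

SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: employee@example.com
Subject: Q3 planning notes

Notes from this morning's meeting are in the shared folder.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        findings = check_message(raw)
        print(f"{label}: {len(findings)} finding(s)")
        for category, detail in findings:
            print(f"  [{category}] {detail}")
```

The phishing sample trips all four heuristics while the routine message trips none. In practice the first-contact and name-mismatch checks are the ones worth surfacing to users as a banner; the urgency keyword list is noisy and is better used to raise priority for review than to block mail.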
While much attention is focused on phishing through email and text, voice phishing (vishing) is on the rise. Human-to-human voice contact has a very high power of persuasion, and a caller can apply the same urgency and authority pressure as an email without leaving anything for a filter to inspect. Awareness training is essential, but for added protection it should be combined with technical controls on the telephony side that detect tell-tale call behaviors of a vishing attempt, and with a standing rule that no credential, one-time code or payment change is ever acted on from an inbound call alone; the employee hangs up and calls back on a number they already hold.
With generative AI easily accessible, deepfakes are increasingly believable. From AI-written emails and texts to cloned voices on phone calls, bad actors can create near-perfect imitations that can fool even experienced professionals. Employees need to be aware of and educated on these attacks, but awareness alone does not scale against content that is indistinguishable from the real thing. CISOs also need phishing-resistant, high-assurance authentication, such as FIDO2/WebAuthn passkeys or hardware security keys, where the credential is bound to the legitimate site’s origin and cannot be replayed from a look-alike login page; then a convincing lure that still tricks a user yields nothing the attacker can use.