
How to Avoid being the next organisation to be harpooned by phishing


By Javvad Malik, security awareness advocate at KnowBe4

With Gartner expecting global security spend to exceed $120 billion and cybercrime on the rise, cybersecurity vendors are in a strong position to supply organisations with the latest technologies to meet the growing demand for security. Despite this, companies are still floundering when it comes to getting security right, as the first half of 2019 showed: over 40 high-profile data breaches exposed at least 4 billion records containing highly sensitive information. One threat that sits at the heart of these incidents is phishing. Evidently, something is not quite right.

According to Verizon's 2019 Data Breach Investigations Report, phishing was the top threat action in successful breaches involving social engineering and malware. Even with security technologies in place, attackers still bypass defences by resorting to ingenious phishing and social engineering methods that target what is often considered the weakest link in security: humans. Whether over the phone, by duping an individual via email or through some other creative outreach method, there are numerous ways attackers can extract critical information from unsuspecting staff members.

Which industry struggles most?

When analysing the risk posed to particular sectors, research found that the average Phish-prone percentage (PPP) across all industries rose 2.6 points in 2019 to 30 percent, compared with 2018. The PPP is the share of employees who fail a simulated phishing test (for example by clicking the link or entering credentials), and it serves as a proxy for how likely a real phishing attack on the workforce is to succeed. Although there was only a slight uptick in overall risk across all industries, some figures stood out when small, medium and large companies were examined separately. Among small and mid-sized organisations, those in construction were the most phish-prone, at 38 percent and 37 percent respectively. Some may be surprised by construction leading the pack, but when you consider that firms in this industry handle client data, confidential project information, intellectual property, subcontractor data, financials and employee data (including health data), it is understandable why these businesses are targeted so heavily.

Among large companies (1,000+ employees), the hospitality industry had a PPP of 48 percent and was found to be the most prone to falling victim to a phishing scam. Those within hospitality have had to come to terms quickly with the disruptive nature of cyberattacks: over the past decade, high-profile breaches have struck major enterprises such as Hilton, Hyatt and Marriott International, as well as the travel trade organisation ABTA.

Mid-sized organisations in the banking and financial services industries were slightly above the baseline average, with PPPs of 31 and 32 percent respectively. Given the substantial amount of sensitive personal and financial information that passes through this sector, cybercriminals are naturally drawn to it. No wonder the UK's Financial Conduct Authority reported that the number of cyber-incidents it received rose by more than 1000% in 2018.

At the other end of the scale, staff working in transportation were found to be the least susceptible, with the lowest PPP at 16 percent. Yet this is still a significant number when you consider how many users in a large organisation could put the company at risk by unknowingly clicking a fraudulent link.

The human firewall

It is often preached that in order to build a strong enough defence against phishing attacks, organisations need to start from within. There is an element of truth in this, but the strength of that defence depends entirely on the tactics and strategies used when training employees. To change end-user behaviour and radically reduce the number of staff who fall for a phish, the right testing and training needs to take place. This begins with a baseline simulated phishing test across the entire business, which gives business leaders a PPP for the workforce that can then be used as the yardstick for future tests. The baseline PPP then determines the staff learning exercises that follow: on-demand, interactive and engaging computer-based training. By doing away with old and archaic PowerPoint slides and incorporating engaging videos and awareness modules, businesses will see an increase in both attention and retention.

Once the initial teaching has been conducted, it is time to test the workforce again by simulating actual attack methods that mimic real-world threats. This helps train the mindset to create new habits while reinforcing what was learned previously. Once the results of the repeated tests are calculated, business leaders will have a clear idea of how their employees have responded to the training and to the simulated phishing emails. Without this benchmark, organisations cannot tell whether the training is working and will remain at risk. This new-school approach aims to improve overall security through good training in a rapid time frame, and results can be seen in as little as three months. Companies that adopted this approach saw the PPP drop within 90 days from an average of 30 percent to 15 percent. This fell further to two percent after 12 months of continued computer-based training and phishing simulation, demonstrating the effectiveness of this approach.
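The baseline-train-retest loop above only works if the PPP is computed consistently from one campaign to the next. The following script is an added example, not part of the original article or of any vendor's product; it shows one reasonable way to compute a PPP from raw simulation events. The event log is constructed for illustration, and the metric definition is an assumption: a user is counted as phish-prone for a campaign if they clicked the link or submitted credentials at least once, counted once per user regardless of how many times they clicked, with the denominator being users to whom the simulated email was delivered. It also reports the share of recipients who reported the email, which is the behaviour training is meant to encourage.

```python
from collections import defaultdict

# Constructed sample events (campaign, user, department, action); not real data.
# "baseline" is the first test, "retest" the follow-up after training.
EVENTS = [
    ("baseline", "alice", "finance", "delivered"),
    ("baseline", "alice", "finance", "clicked"),
    ("baseline", "alice", "finance", "clicked"),   # second click: still one failure
    ("baseline", "bob",   "finance", "delivered"),
    ("baseline", "bob",   "finance", "submitted_credentials"),
    ("baseline", "frank", "finance", "delivered"),  # no response at all
    ("baseline", "carol", "ops",     "delivered"),
    ("baseline", "carol", "ops",     "reported"),
    ("baseline", "dave",  "ops",     "delivered"),
    ("baseline", "dave",  "ops",     "clicked"),
    ("baseline", "dave",  "ops",     "reported"),   # clicked then reported: still a failure
    ("baseline", "erin",  "ops",     "delivered"),
    ("retest",   "alice", "finance", "delivered"),
    ("retest",   "alice", "finance", "reported"),
    ("retest",   "bob",   "finance", "delivered"),
    ("retest",   "bob",   "finance", "clicked"),
    ("retest",   "frank", "finance", "delivered"),
    ("retest",   "carol", "ops",     "delivered"),
    ("retest",   "carol", "ops",     "reported"),
    ("retest",   "dave",  "ops",     "delivered"),
    ("retest",   "dave",  "ops",     "reported"),
    ("retest",   "erin",  "ops",     "delivered"),
]

# Assumed definition of a failed test (what makes a user "phish-prone").
FAILURE_ACTIONS = {"clicked", "submitted_credentials"}


def _collect(events, campaign, department=None):
    """Return per-user sets (delivered, failed, reported) for one campaign."""
    delivered, failed, reported = set(), set(), set()
    for camp, user, dept, action in events:
        if camp != campaign or (department is not None and dept != department):
            continue
        if action == "delivered":
            delivered.add(user)
        elif action in FAILURE_ACTIONS:
            failed.add(user)
        elif action == "reported":
            reported.add(user)
    # Only users who actually received the email count in the denominator;
    # any click recorded without a delivery is ignored as a data error.
    return delivered, failed & delivered, reported & delivered


def _pct(part, whole):
    """Percentage rounded to one decimal; 0.0 when nothing was delivered."""
    return round(100.0 * len(part) / len(whole), 1) if whole else 0.0


def campaign_metrics(events, campaign, department=None):
    """PPP and report rate for one campaign, optionally for one department."""
    delivered, failed, reported = _collect(events, campaign, department)
    return {
        "delivered": len(delivered),
        "ppp": _pct(failed, delivered),
        "report_rate": _pct(reported, delivered),
    }


def department_ppp(events, campaign):
    """PPP broken down by department, so training can be targeted."""
    depts = sorted({dept for camp, _, dept, _ in events if camp == campaign})
    return {d: campaign_metrics(events, campaign, d)["ppp"] for d in depts}


def ppp_change(events, before, after):
    """Drop in PPP (percentage points) between two campaigns; positive is good."""
    return round(campaign_metrics(events, before)["ppp"]
                 - campaign_metrics(events, after)["ppp"], 1)


if __name__ == "__main__":
    for camp in ("baseline", "retest"):
        print(camp, campaign_metrics(EVENTS, camp), department_ppp(EVENTS, camp))
    print("PPP improvement:", ppp_change(EVENTS, "baseline", "retest"), "points")
```

With the constructed log the baseline PPP is 50.0 percent (three of six recipients failed) and the retest PPP is 16.7 percent, while the report rate rises from 33.3 to 50.0 percent. The per-department breakdown is what tells you where to focus the next round of training rather than re-running the same course for everyone.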

Once organisations gain a clear understanding of how they and their employees stack up in terms of phishing awareness, the work of turning staff into an effective last line of defence, a "human firewall", can truly begin. In the end, every business, regardless of size or industry, is vulnerable to social engineering attacks, because each individual staff member is a possible entry point for attackers. It is therefore high time businesses began arming the workforce with the tools, knowledge and training material needed to avoid putting the company in jeopardy.
