When it comes to phishing attacks, the numbers are staggering. There are nearly 46,000 new phishing sites created each day. 91% of successful data breaches started with a phishing attack. 76% of organizations in 2017 experienced a phishing attack. 30% of all phishing emails are opened. 97% of employees can’t identify a sophisticated phishing attack. With statistics like these, it’s incredibly difficult to protect your organization from falling victim to a phishing attack.
So what is an organization to do? Well, if your organization uses a cloud email provider (like Gmail or Office 365), properly setting up the security these solutions provide is a good start. The security these email providers offer is similar to that of a secure email gateway (SEG). They do a great job of filtering out the spam and a decent job of detecting malicious attacks (but not zero-day or highly sophisticated attacks). Phishing awareness training could be another layer of defense, but like SEGs or out-of-the-box security from Gmail or Office 365, it has its vulnerabilities. Relying completely on your employees to remember their training as your last line of defense leaves your organization vulnerable to a successful attack. This, however, isn’t to say phishing training solutions aren’t helpful. When implemented and run properly, they certainly could reduce the likelihood of a successful attack, but they still leave the window open for highly sophisticated and targeted attacks to get through. It only takes one employee doing the wrong thing for the entire organization to fall victim to a phishing attack.
In Gartner’s “Fighting Phishing – 2020 Foresight” report, when referring to phishing training and awareness, the authors stated this is a “good start toward people-centric security,” but the problem lies in the current email security solutions. Current solutions don’t provide employees with the proper workflow or indicators of trust when dealing with suspicious emails. The authors also stated, “More problematic, however, is that few email security solutions actually offer any visual indicators of trustworthiness to help end users make better decisions in real time. It is unreasonable to expect employees to turn into experts at spotting rapidly changing phishing attacks and not give them any tools to help identify phishing emails and report them in real time.” This is one of the areas where phishing training solutions fall short. They do offer “report phish” buttons within the email client itself; however, the button is always there and doesn’t offer any indicators of a trustworthy or suspicious message. Without any notification to the recipient that a message is suspicious or malicious, the organization is relying on its employees to remember their phishing awareness training for every single email received.
Graphus® can work in conjunction with phishing training solutions or as a standalone product. With our patented AI technology, the TrustGraph®, Graphus® can analyze emails in real time and identify and remediate suspicious or malicious emails. Alerts are generated and malicious emails are auto-quarantined, while suspicious emails have EmployeeShield™ inserted into the message. EmployeeShield™ is our interactive warning banner, which notifies the recipients of a suspicious message and allows them to take action: mark the message as SAFE or UNSAFE. Their action incorporates feedback into an automated workflow that instantaneously remediates the threat. This reduces the workload for IT and security, which saves time and money, and also provides the recipients with the visual indicators needed to take caution and react accordingly. This drastically improves your organization’s last line of defense.