When I talk with chief information security officers (CISOs) about email security, I often hear something like this:
They have a problem with phishing attacks. So, they buy new security software. But the CEO continues receiving phishing emails, which he forwards to the CISO, demanding to know why they're still experiencing phishing attacks. Then they buy new security software. And so on.
What's that expression about insanity being defined as doing the same thing over and over and expecting different results?
Phishing continues to be a serious business risk. Yet one-third of IT and cybersecurity pros aren't confident employees can spot and avoid phishing attacks in real time, according to a GreatHorn survey. Worse, users fail to identify nearly half of phishing attacks, another study finds.
Traditional email security approaches are ineffective against phishing because it relies on social engineering, personal interactions, and human decisions that even the most sophisticated artificial intelligence (AI) can't circumvent.
What's needed is a new approach to protecting against phishing — one that actually lowers the likelihood users will fall victim to phishing attacks and reduces phishing-related business risk. To achieve this, follow these five steps to transform your phishing defenses.
1. Understand the phishing kill chain.A kill chain is a military concept for understanding enemy attacks. It divides attacks into distinct phases such as locating, tracking, and engaging with a target.
Like all cyb ..