The statistic that four percent of employees will click on almost anything, with “Free Coffee” and “Package Delivery” taking some of the top spots among phish-bait subject lines, may not sound like much.
However, keep in mind that the most successful marketing campaigns only achieve a response of around two percent. With double the response of most marketing initiatives, it’s no wonder that the phishing attacks keep coming.
That statistic comes from Verizon’s 2018 Data Breach Investigations Report. The report showed that the number of phishing emails continues to grow. The victims include government agencies that house some of our most sensitive records. The report also revealed that one quarter of all malware detected was ransomware, and it indicated that 68 percent of breaches go undetected for months.
The answer to fending off phishing campaigns may lie in the same employees who choose to click. A type of crowd-sourced security that turns employees into human sensors could be the answer. One example of this approach is the US Department of Defense Cyber Security/Information Assurance program, where contractors share intelligence with each other and the DOD.
With the right training, employees can learn to recognize phishing attempts and alert others to the impending threat. This type of information gives the IT team an advantage, leading to a faster response.
Here are a few steps that can empower your employees to be human sensors using a Phish Alert Button:
- An aware victim can be a good sensor. Encourage employees to ask how reading a suspicious email makes them feel. Rushed, pressured, exploited? Then be wary. Train your employees to recognize how the email makes them feel.
- Build an intelligence network. If you make it easy to report potential threat emails, you’ll build a steady stream of alerts.
- But don’t overuse the “Abuse Box.” Phishing needs to be reported, but flooding an under-prepared IT department with messages that need to be checked may be counterproductive. Make sure the IT department is ready to handle the volume, and build user awareness as you build capacity.
The number of phishing emails can be expected to grow. But with a change in the way your organization perceives and responds to social engineering, users can become your best defense and not your weakest link. As always, consider interactive, new-school security awareness training. It’s effective and extremely affordable.
Written by Lex Robinson who works at Cofense.
Original article location: https://blog.knowbe4.com/which-users-will-cause-the-most-damage-to-your-network-and-are-an-active-liability