The term ‘phishing’ became popular in the mid-1990s. It referred to fishing lures, because hackers used email ‘lures’ to hook passwords and other online information. The ‘ph’ was used instead of ‘f’ because some earlier hackers called themselves ‘phreaks.’ These emails were not usually successful, but the few successes were enough to entice many hackers to jump in.
While most of us are on guard for obvious phishing schemes, the sheer number of them, and their continued evolution, can make it a challenge to always be diligent. In fact, phishing—stealing someone’s online identity or information through email, telephone or text message by posing as a legitimate institution—has grown to be the number one cyber threat today.
In our recent post about Ethical Hacking, we detailed how one hacker called a law firm’s help desk technician, posed as a partner, and obtained key password information in seconds. The law firm was fortunate that the hacker was working for them and didn’t have malicious intent.
Why is phishing so successful? You might say, it’s because we’re only human.
Your technology is only as secure as your people.
While technologies to protect against hacking have advanced at an impressive rate, programs to educate end users have lagged behind. As the Miami Herald reported in late 2016, “Organizational culture and human behavior have not evolved nearly as rapidly as technology. Cyber criminals continue to focus on improving capabilities to deliver malware and attacks that center on tricking individuals into allowing access to systems.”
This technique, called Social Engineering, has been part of most major cyberattacks in the U.S. over the last few years. According to technology firm Globalsign.com, “If you look closely at every reported breach in the past decade, you’ll notice something interesting. Almost every single one made use of phishing or another social engineering technique at some point during the attack.”
The rise of Security Awareness Training
Everyone has received emails that promise to wire some substantial sum, often in the millions of dollars, if only the recipient will provide their bank or personal information. Your immediate reaction may be, “Who would fall for this?” Unfortunately, there are lures that are much more sophisticated than that age-old ploy, and it just takes one mistake from one employee—one infected attachment opened or one link to a bogus website clicked—to put your entire organization’s data at risk. Emails may appear to come from a colleague or supervisor.
One way to combat these vulnerabilities is with Security Awareness Training. The aim of such training is, as cited in an article from Government Technology magazine, “to condition employees not to click or open anything that looks remotely suspicious … Unlike security training, which focuses on teaching employees and testing their knowledge on a set of rules, awareness training focuses on changing human behavior and making security part of the workplace culture.”
Security Awareness Training is a rapidly growing field, with many resources available for businesses and organizations. For example, The University of Santa Cruz mandates that all its employees participate in a Cyber Security Awareness course, and the state of Missouri offers a monthly online program in which 40,000 employees participate.
Key factors to consider when implementing a Security Awareness Training Program, per an article from CSOonline.com, include ensuring executive support, measuring or defining success, and incentivizing participation. Whenever, or however, your organization launches a Security Awareness Training Program, participation from every department is vital.
Get smarter about protecting your organization
In short, your organization’s technology security is only as strong as its weakest link, and that may very well be your staff. A well-designed and comprehensive Security Training Program may be instrumental in safeguarding your network. At Single Path, we are experts in cyber security, and can design, run and implement a Security Training Program that is sustainable and effective and that gives your company a high degree of confidence that your team has the tools in place to help keep your network and data safe. Single Path Security offerings are extensive and collaborative, and can include any number of protective services from risk management to data loss prevention protocols. Let us show you how we can help you get smart about security.