Did you know that, according to CISA data, 90% of all cyber attacks begin with a phishing attempt? Phishing is still the attack method cyber criminals use most, because it requires little effort and produces a high number of victims. These are major reasons why CISA has chosen to highlight “Training to Recognize and Report Phishing” during Cybersecurity Awareness Month this year.
Two key factors make phishing attacks low effort and high yield for cyber criminals, and they are the reasons why these numbers may continue to rise:
1. The amount of information available to cyber criminals for social engineering continues to increase as we provide more information online, and we then use bits of that information in our passwords.
2. Cyber criminals are taking advantage of artificial intelligence tools to write phishing emails with fewer of the grammatical and spelling errors that were key to identifying potential phishing scams, and to distribute them at a higher volume.
Consider this phishing email, which our Director of Engineering prompted ChatGPT to write, from our webinar “AI And The Cyber Threat Frontier.” It illustrates how much easier it is for cyber criminals to write phishing emails that are harder to identify.
The pitfalls of providing more information for social engineering tactics and the unchecked growth and power of AI have made phishing attacks more dangerous than ever. Training to spot and report phishing is more important than ever, and the constant awareness and vigilance that training builds are just as crucial.
Here are some quick training tips to put into practice every single day:
- If you’re not expecting an attachment or email from an unknown sender, report it
- Use the ‘three-second’ rule before clicking on anything
- Hover over links to check for a valid URL
Also, remember that mistakes do happen, and it’s much better to report falling victim to a phishing scam than to try to hide it and let it go through your network unchecked. It’s just as important to give your staff leniency when a mistake is made so that they are more likely to report it and everyone can learn from it.
Talk to SecuLore today about setting up a Cyber Awareness Training program for your staff that includes the best practices followed by the FCC, DSH and NIST.
The above content was repurposed, with permission, from the blog post “Cybersecurity Awareness Month 2023: Key Takeaways” by SecuLore