Maybe you’re sick of hearing about phishing schemes and the way hackers are using this strategy to infiltrate your networks, access intellectual data, shut down production, or hold your assets for ransom. If that’s the case, then you’ve made a lot of hackers very happy.
And based on Proofpoint’s 2024 State of Phish report, protecting against phishing schemes is simply not being reinforced or given the proper priority. For example,
- 71% of surveyed users admitted to taking a risky action, and 96% knew they were doing something risky when interacting with email or text messages.
- 85% of security professionals said that most employees know they are responsible for security, but 59% of employees weren’t sure or claimed that they’re not responsible.
- Furthermore, 24% admitted to responding to emails or text messages from someone they don’t know, and 19% clicked on links in emails from people they don’t know.
- Finally, 73% of surveyed companies reported a business email compromise, but only 29% are actively teaching users about BEC attacks.
To address these and other phishing attack dynamics, I sat down with Craig Taylor, co-founder of Cyberhoot, a leading provider of phishing prevention solutions. Watch/listen as we discuss:
- How hackers are going after session tokens to steal valuable credential data.
- Why phishing prevention training spends too much time on avoiding the click instead of positive reinforcement of proper actions.
- The need for worker training to go beyond any impact to the company, to the individual cyber risks as well.
- How adding “friction” to email could be a solution.
- The bad password advice that many high-level organizations continue to distribute.
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].
To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.