My Guest Blogger Eddie Block (CISSP, CIPM, CIPP/G, CISA, CEH) is a senior attorney in Gardere’s Litigation Group and member of the Cybersecurity and Privacy Legal Services Team who focuses on all aspects of information cyber security, including credentialing functions, firewall and IDS deployment and monitoring, and penetration testing, and related complex litigation. Eddie blogs at JurisHacker.
Since every business operates on the Internet it’s imperative that employees get proper training to avoid Phishing not to mention SpearPhishing which is why I say Phishing still king. 2016 proved that phishing lead the charge in most data breaches. According to the latest phishme “2016 Enterprise Phishing Susceptibility and Resiliency Report” 91% of data breaches begin with spearphishing. This is supported by the 2016 Verizon Data Breach Report.
Both companies warn that phishing attacks are a significant threat, potentially the most significant.
Phishing has reportedly been at the heart of many high profile data breaches including Anthem, JP Morgan, and others.
Unfortunately there are not great technological solutions to prevent phishing. Spam tools or anti-virus may help, but phishers continually evolve their messages and approaches.
Training, in my opinion, is still the best way to prevent phishing or any type of social engineering. Through targeted training and testing, organizations have the ability to reduce a persistent threat