Phishing is the number one cybersecurity threat in the UK, and UK businesses are increasingly coming under attack. A new report from the leading provider of security awareness computer-based training, PhishMe, shows just how serious the threat from phishing has become.
75% of UK businesses have had to deal with an email-based security incident, while almost a quarter are having to deal with more than 500 phishing emails a week.
Even though the threat from phishing is greater than ever, and despite increased investment in security defenses, 48% of surveyed UK businesses felt their response strategies to phishing emails were between ineffective and somewhat effective. One of the biggest problems in the UK is the lack of integration of phishing defenses into other security solutions – a problem at almost half of all UK businesses.
The survey showed that UK businesses are implementing multi-layered defenses to protect against phishing attacks. Almost all UK businesses that were surveyed had at least one security solution that provided protection against phishing attacks, and many had more than four that provided some degree of phishing protection. However, these technological solutions will only go so far.
Many UK firms’ security awareness training programs leave a lot to be desired. Even with multi-layered phishing defenses, some phishing emails will be delivered to end users’ inboxes. Effective security awareness training for the workforce is therefore essential. Since employees will regularly be tested, they must be able to identify phishing emails and know how to respond correctly.
“It’s clear that technology alone hasn’t and will not solve the problem with the human at its very root,” said Rohyt Belani, co-founder and CEO of PhishMe. “Human-assisted technologies that stack up grey matter against hackers and leverage technology to scale and speed up processing are the best bet in defeating phishing attacks.”
Such a solution is offered by PhishMe. PhishMe has created an extensive library of training materials that can be used by organizations to teach their workforce to be more security aware, and train employees how to identify potentially malicious emails.
PhishMe Simulator is also a powerful tool in the defense against phishing. PhishMe Simulator allows organizations to create phishing email campaigns to test and train their workforce. It allows organizations to determine how effective training has been, to identify individuals that require further training, and to train employees how to identify the latest email-based threats. Further, the solution can be easily integrated with existing solutions.
“Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organisation’s security decision-making process,” said Belani.