Building Security Culture Against Phishing Attacks
This is a summary of the webinar on how to deal with phishing attacks and ransomware, and on achieving the required level of awareness and building a security culture. The panel consisted of IT professionals who specialize in cybersecurity and work for renowned tech companies: Erman Atak, PennAware Chief Operating Officer; Richard Chapman, Cyber Security Program Director – SOC Manager; and Patrick Wheeler, Cybersecurity Architect.
Right from the beginning of the discussion, the host provides crucial information about the main factor that determines the nature of cyberattacks. Attackers lure their targets with attack vectors tailored to the geographic region and the local culture. It is worth noting that humans are the weakest point in cybersecurity, as attackers often use them to gain access to protected information. Criminals use phishing emails as their primary (strongest) and most effective tool for launching attacks to steal data or gain unauthorized access to networks. Even developed countries are not exempt from these attack vectors.
The two major attack vectors used against German firms are phishing and vulnerable points within the system. For instance, attackers tried to deceive internet users with messages that appeared to originate from widely used public banks and credit unions. The financial services sector is the industry most affected by cyberattack attempts, recording well over 8,000 phishing emails sent on a daily basis as fake emails from Belgian and Dutch postal services.
Concerning the level of cybersecurity awareness, the main challenge IT experts face is ensuring that both the public and the corporate employees targeted by attackers are fully aware of the attackers' mischievous strategies. Awareness programs are usually rolled out through the respective companies, which also want their employees to carry the knowledge with them. Getting the cultural awareness program into the public forum is essential and should be perceived as a social responsibility. According to the panelists, organizations responsible for educating employees on cybersecurity need to design the awareness program around the employee's whole life, without separating work from private life. This is because attackers will strike employees through both their home and work identities. For instance, phishing attacks against executives at tech companies are not limited to the workplace; they also target the executives at home, as well as their family members. Therefore, it is essential to develop a holistic approach to creating cybersecurity awareness.
Concerning the mistakes made by corporations, the panelists agree that the main issue comes from business decisions versus security decisions, as firms fail to train employees on the role of information security or fail to listen to internal IT personnel. Having an excellent system in place without every person understanding their role within that system ultimately leaves the company vulnerable to phishing attacks. Therefore, the experts recommend a transparent, coordinated and layered approach to security, implemented through modern technology. Cybersecurity awareness programs should also be run often and made part of corporate culture while remaining objective. Most importantly, cyber-professionals are encouraged to support their business partners throughout the process when attacked, to minimize the damage and encourage a secure corporate culture on cybersecurity.
13.12.2022 2:00 PM
(Pacific Daylight Time)