How MSSPs Can Protect Endpoints from Phishing
Phishing and pretexting represent 93 percent of all data breaches that befall companies, according to the Verizon 2018 Data Breach Investigations Report. So how can MSSPs protect endpoints from phishing? As has been the case with ransomware, training and employee awareness seem to be among the top consensus answers about how MSSPs can protect endpoints from phishing.
“Cybersecurity risk training can turn one of business’ greatest weaknesses into one of its best defenses,” says Troy Wilkinson, CEO, Axiom Cyber Solutions, a provider of managed cybersecurity solutions to SMBs. “By taking time to inform employees – particularly in sensitive areas like human resources, customer service and finance departments – of the cybersecurity threats they may come across during the course of their work can help a company mitigate attacks.”
That’s because in every IT environment, the weakest link is the end user. It only takes one click on a phishing email to allow a malicious attacker into a corporate network.
“Therefore, it is incumbent on the organization to continually train their users on the dangers of whaling, spear phishing, and phishing at large,” said Jason Dion, lead instructor and owner of Dion Training Solutions, an online training company. “While providing annual security awareness training is a good start, it is incomplete and is ineffective as a complete solution.”
Instead, organizations are utilizing services, such as Cofense and Phish Insight, to send phishing campaigns to their own users to determine the effectiveness of their previous security awareness training, Dion added.
“These services allow the company to determine if their users can identify a potential phishing email and determine the actual end-user risk associated with a phishing campaign against their organization,” said Dion.
Use Phishing Training Against Phishing
When it comes to training, how MSSPs can protect endpoints from phishing depends greatly on frequency. And if, as in some trainings, a mass phishing simulation is sent to everyone in the workplace simultaneously, employees will have time to consult each other over Slack, by email, or verbally and spread the word that it’s just an exercise. So the ability to target individuals, much as hackers do, is a very important option, according to phishing experts.
“Increasing teachable moments for employees is a main objective,” said John McCabe Sr., director of global MSSP at Cofense, a provider of collective defense against email-based cyberattacks. “Delivering phishing-scenario emails only when the end user shows activity in their mailbox increases the opportunity for them to engage with simulations. Adding another level of automation to phishing simulation programs creates innovative solutions with flexibility and efficiency for users to gain important resiliency to phishing.”
Phishing training also helps build a culture of security, heightening people’s awareness of …