We’ve all received a pressing or enticing email, social media message or text, usually accompanied by a link or attachment. We’ve clicked on it, only to discover we’ve been duped. Unwittingly, we have opened the door to malicious code. Now, attackers can compromise networks, breach data, or otherwise reap the ill-gotten rewards too commonly collected by ransomware or malware.
Unfortunately, we fell for the trap and became another victim of phishing – a worldwide problem that is hard to stop. Phishing is increasing in both sophistication and frequency. Hackers are now using Artificial Intelligence (AI) to create phishing attacks that are increasingly difficult to detect. Worse, the habitual line of defence, compliance-focused anti-phishing user-awareness training and testing, is still primarily focused on older generations of phishing that often contain obvious clues like spelling and grammatical errors.
The fact is that generalized security awareness programs, primarily predicated on quick-fix solutions, do little to help employees recognize an AI phishing attack when they’re sent one. Worse, compliance-focused organizations interpret the completion rates of their preparation as indicators of organizational fortification when they’ve hardly battened down the hatches at all.
The real secret to defence against the latest generation of phishing, according to Cary Johnson of Ottawa’s own Phishbusters, is to focus on the clues that remain in today’s AI-generated attacks. “Phishing awareness is not just about noticing an email with spelling mistakes or a strange look and feel,” explains Johnson. “It’s much more advanced.”
Phishbusters offers a proven, progressive approach to combat phishing, one that moves beyond simple user-friendly modules and checkbox training. Says Johnson, “We have a better, simpler way of nipping it in the bud, one that nobody else uses.”
Phishbusters provides fully managed, customized and ethical phishing awareness programs to its clients. The program focuses exclusively on phishing awareness training using a unique methodology that includes simulation emails tailored to evaluate the organization’s baseline level of vulnerability. Employees who fall for a simulated attack are redirected to an educational landing page, where they receive guidance on identifying phishing emails. By conducting simulations throughout the year, employees begin to modify their behaviour. Success is measured by comparing click rates to the original baseline, and clients, including the federal government, have reported significant reduction rates ranging from 80% to 91%.