If you can only choose one area to focus on in your IT security work, choose phishing. Phishing is the most widely used method of attacking companies and organizations, causing millions of dollars in costs each year.
Fortunately, most of us don't have to choose just one area to focus on when it comes to IT security. Of course, we wouldn't last many seconds without a working firewall and antivirus system, solutions that virtually all modern companies and organizations have in place and have had time to tweak and tune so that they actually do their job quite well.
But for next year's budget, it might be worth thinking about priorities. Extending the security features of your firewall, or switching to an even more intelligent antivirus system, may not be the right way to go when you consider the value for money. The ultimate purpose of investing in IT security solutions is to stop criminals, reduce the number of attacks and minimize incidents.
According to IBM X-Force, phishing is the most common known attack vector for cybercriminals targeting organizations. Last year, nearly a third (31 percent) of all cyber incidents had a known infection vector that can be traced back to a malicious email or phishing attack. The second most common attack vector, accounting for 29 percent of attacks, is the use of stolen user credentials, which may have been acquired through a variety of methods, including phishing.
To get the most out of your IT security budget, it may be a good idea to look at what can be done about the much-hated problem of phishing. This is an attack vector that is behind the majority of all IT attacks, but which many organizations have completely or partially overlooked in their IT security investments. A relatively small investment in phishing prevention can have a very large net effect on security.
There are a number of free measures that can prevent phishing in an organization, such as clarifying policies and introducing new procedures to verify the senders of emails that deal with a certain type of information. One of the most effective methods is to activate a Security Awareness program where end users are continuously educated and trained.
The Nimblr Security Awareness Program combines phishing simulations, short online courses and zero-day classes. The solution is delivered as a service and can be activated in minutes.