Over the past 10 years we’ve seen phishing top the charts as the number one threat to organizations when it comes to data breaches. With this increased visibility, not only are auditors and regulators asking organizations about their plan to defend against this threat, but so are Boards of Directors. Increasingly, organizations are adding phishing simulation training to their security awareness programs to prepare their employees to spot the phish. What we’ve also increasingly seen is organizations encouraging their employees to report that suspicious email. Not only has it become critical for employees to report suspicious email internally; many consumer-facing organizations also provide instructions for their customers to report a potential phishing email.
But why has reporting become so crucial to defending against threats? Threat actors are constantly tuning their tactics to bypass whatever security controls organizations implement to keep them from gaining a foothold in the organization’s infrastructure. Cat and mouse. When security teams get insight into the tactics being used, based on indicators of compromise (IOCs), they can shorten the window in which a potential incident can occur. We often hear “it only takes one to click,” but at the same time it only takes one person to report that suspicious email to alert the security team that something’s brewing. We see evidence of the positive impact of reporting in the annual M-Trends report, which shows a significant decrease in median dwell time over the past 10 years.
What can you do?
If your organization has a Security Awareness program, incorporate phishing simulation training to ensure your users can experience phishing in the exact place they’ll see a real threat. If you’ve already answered the call to action and implemented a program, ensure you’ve given users the tools to report: an easy button! It’s also critical to use phishing templates that resemble the same types of threats that are landing in their inbox and making it past your secure email gateway (SEG). Focus your program metrics on the number or percentage of users reporting the email. If your organization allows your consumers to create an account, ensure you provide them with instructions on how to report a suspicious email.
As we use our mobile devices more and more, it’s not surprising that we’ve seen an increase in smishing (SMS phishing) attempts. The vast majority of these attempt to get you to log into the attacker’s site so they can steal your credentials. Threat actors target personal credentials to gain access to your banking, personal email, or social media accounts. Just as important as reporting phishing attempts, reporting a smishing attempt alerts the telecom providers so they can take action against these threats. We need to make it really noisy for the providers so that they act against these threats. The article below provides instructions on how to report these to your provider.