Implement the ‘Mindset – Skillset – Toolset’ triad
By Dr. Yvonne Bernard, CTO, Hornetsecurity
Spear phishing continues to be the most popular cyberattack, and companies without proper cybersecurity measures are the most at risk of being compromised by one. Surprisingly, having proper cybersecurity measures in place may be less common than you think. A recent Hornetsecurity study found that 43% of IT professionals rate their confidence in their remote security measures as “moderate” or “worse”. Establishing a sustainable security culture is a must to prevent future attacks as hacking methods become more advanced.
How hackers are using AI to their advantage
The introduction of generative AI has given hackers the opportunity to automate and simplify their process of creating spear phishing attacks. With these AI tools, malicious actors only require a few pieces of information, such as personal or professional email addresses or phone numbers. The AI will then sift through social media and the Internet to find additional information, such as a job title, community affiliations, etc.
Using this data, hackers can tailor spear phishing emails to the individual, have them automatically generated and quickly sent, while simultaneously dispatching different versions to multiple target victims. As a next step, threat actors can then use Generative AI to quickly adapt and optimize their messages based on success rates, with little effort.
A “human firewall” is your best defense
The best line of defense for companies to combat cyberattacks is to establish a sustainable security culture. This includes having a “human firewall” – meaning employees have been trained to be well-versed to recognize potential cyberattacks. To help implement these preventative measures, companies need to utilize the “Mindset – Skillset – Toolset” triad.
Mindset: Raise the cybersecurity awareness of employees. Although IT tools are helpful, blind trust in them can lead employees to stop vetting email traffic for potential phishing attacks themselves.
Skillset: Combine theory and simulation: educate employees on cyberattack methods and run realistic phishing simulations. Paired with general knowledge, these simulated attacks strengthen their understanding of phishing emails and how to identify them.
Toolset: Install tools and implement processes that thwart potential attacks and reinforce employees’ security behavior. These tools help identify attacks and encourage safe habits.
Choose the right amount of cybersecurity knowledge to share
As cyberattacks become more sophisticated, IT managers have many tools, methods, and programs available to train their employees to defend against them and to build good cybersecurity habits. It is imperative to train employees on these risks, but companies must be careful not to overwhelm them with information or training, which can lead to defensiveness and resistance. For example, employees should not be required to know endpoint detection software, digital firewalls, or network monitoring tools in detail.
What employees need to be familiar with are the knowledge and tools they will use on a daily basis. This includes educating the team on how to identify and report suspicious emails, understanding proper password management, and implementing multi-factor authentication (MFA).
Good password hygiene is one area that is crucial yet often overlooked, so it is important to build a culture that implements best practices and security habits. Employees should create a unique password for each of their digital accounts and applications, as well as turn on MFA where possible for an added layer of security.
Another important habit employees should add to their daily routine is checking the authenticity of each email from the moment they read it. This makes them less likely to be pressured into engaging with a phishing email, even in stressful situations. If an email seems questionable or suspicious, reporting it to the IT security department allows the team to investigate and confirm whether it is a potential cyberattack.
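The authenticity cues the article asks employees to look for (who the sender really is, whether the reply goes somewhere else, whether the message applies pressure) can also be turned into a first-pass triage aid for the reports that reach the IT security team. The script below is an added example for this article, not Hornetsecurity code; it assumes a hypothetical trusted domain (example-corp.com), a constructed list of pressure phrases, and two constructed sample messages, and it uses only the Python standard library.

```python
"""Triage helper for user-reported emails (added example, not Hornetsecurity code).

Scores the cues employees are taught to check so the security team can sort the
report queue: an email address hidden in the display name, a Reply-To that points
elsewhere, lookalike sender or link domains, and pressure language.
"""
import email
import re
from email.utils import parseaddr

# Hypothetical: the organisation's own domain(s); a real deployment loads this from config.
TRUSTED_DOMAINS = {"example-corp.com"}

# Constructed list of pressure phrases typical of spear phishing; extend as needed.
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "suspended", "wire transfer")

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between two domains suggests typosquatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if not domain or domain in trusted:
        return None
    for t in trusted:
        label = t.split(".")[0]  # e.g. 'example-corp', so 'example-corp-login.net' is caught too
        if edit_distance(domain, t) <= 2 or label in domain:
            return t
    return None


def body_text(msg) -> str:
    """Concatenate all text/plain parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain"
    )


def triage(raw_message: str) -> list:
    """Return human-readable findings for one RFC 5322 message (empty list = nothing odd)."""
    msg = email.message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = domain_of(reply_addr)

    # Mail clients show the display name prominently, so an address placed there
    # can make an external sender look internal.
    if "@" in display_name:
        findings.append("display name contains an email address (%s)" % display_name)

    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain %s differs from From domain %s" % (reply_dom, from_dom))

    imitated = lookalike_of(from_dom)
    if imitated:
        findings.append("sender domain %s resembles trusted domain %s" % (from_dom, imitated))

    body = body_text(msg)
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = [term for term in URGENCY_TERMS if term in text]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))

    for host in URL_RE.findall(body):
        imitated = lookalike_of(host.lower())
        if imitated:
            findings.append("link to %s resembles trusted domain %s" % (host, imitated))

    return findings


# Constructed sample messages for demonstration.
SUSPICIOUS = """\
From: "cfo@example-corp.com" <finance@exarnple-corp.com>
Reply-To: payments@mail-relay.example
To: alice@example-corp.com
Subject: URGENT: wire transfer needed today

Alice, please process this immediately: https://example-corp-login.net/invoice
"""

LEGITIMATE = """\
From: Bob Builder <bob@example-corp.com>
To: alice@example-corp.com
Subject: Notes from Tuesday's meeting

Hi Alice, notes are on the wiki as usual. Bob
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, "->", triage(raw) or ["no findings"])
```

The checks are deliberately the same ones employees are trained on, so a finding list doubles as feedback to the reporter; a real deployment would add authentication results (SPF, DKIM, DMARC) from the receiving gateway and a maintained list of partner domains.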
Security-awareness training is the foundation of your organization’s cybersecurity
Companies that focus on security-awareness training are setting themselves up to successfully combat cyberattacks. Establishing a “human firewall” increases employees’ ability to assess potential threats and thwart them from the get-go. IT managers need to stay vigilant in upskilling their employees with new, easy-to-use, up-to-date tools and with training on increasingly sophisticated phishing attacks, so that their systems are not compromised through preventable human error. These actions will help your employees stay ahead of hackers and keep your organization safe even as cyberattacks become increasingly sophisticated amid the ever-changing digital environment.
About the Author
Dr. Yvonne Bernard is CTO at Hornetsecurity, the global Cloud Security, Compliance and Backup pioneer founded in Hannover, Germany. With a Ph.D. in Computer Science, she has a technical background and is responsible for strategic and technical development in the areas of Product Management, Software Development, Innovation & Research, Security Lab and Cloud Infrastructure. Learn more at https://www.hornetsecurity.com