During the cyber security month 2020, Emmanuel Nicaise, our human-centric security expert passionate about cybersecurity and psychology, has been invited to write an article on the Belnet’s blog about the phishing risks and the importance to train people to stop them and build trust.
« In the last few years, being targeted by cyber-attacks such as phishing has become part of a typical day, or, at least, a typical week. Although we use many technologies to prevent phishing, most have already shown their limits. As CISOs often like to say: humans need to be the last firewall. »
Read the full article on the Belnet’s blog
What is phishing? And how does it work?
Phishing is a form of social engineering with two potential goals: steal information (credit card numbers, computer credentials) or install malware (ransomware or trojan) on the user’s computer.
Phishing attacks exploit our trust. By impersonating the people we trust, hackers can manipulate us into clicking a link or opening an email we never would have otherwise. That is why humans need to be more vigilant. However much we want our people to serve as a ‘human firewall’, they were not hired or trained for that purpose. We need to learn how to easily spot phishing campaigns.
How do we make it simpler to identify phishing attacks?
By training our users to spot a phishing email.
Firstly, we need people to think before clicking. That is why we need to train people in context with phishing exercises. They allow our users to recognise phishing emails without the inherent dangers of the real one. Training should be progressive and tailored to our culture and include feedback to improve performances.
Phishing exercises do not only provide training, but they also keep our users vigilant, it is therefore beneficial to repeat the exercise regularly.
