Dark Reading Webinar: Recognizing and Responding to Phishing Threats

On March 17, Wombat CTO Trevor Hawthorn and VP of Marketing Amy Baker headlined the Dark Reading webinar, State of the Phish™: Effectively Reducing Phishing and Malware Infections. This one-hour session offers a blend of insights and advice about using security awareness training as an end-user risk management tool.

A poll of webinar attendees revealed that 46% of respondents have experienced a phishing attack already this year, with another 23% not sure if they had or hadn’t been phished. Despite that, another poll indicated that 66% of the attendees do not measure susceptibility to phishing emails — a dangerous proposition given the persistence and rising skill among attackers.

“We have essentially forced attackers to target the end user,” said Hawthorn. “All the attacker wants to do is put something behind the firewall. And from a technical standpoint, we’ve done a good job at blocking other avenues of entry.”

Gone, says Hawthorn, are the abundant network break-ins of the 90s and the formerly wide-open pathways of web app attacks. Because technical advancements have become effective at closing those points of entry and more data and systems are moving to the cloud, organizations are increasingly relying on users to make good security decisions. As such, social engineering training is become more and more important.

“What makes more sense?” asks Hawthorn. “Trying to penetrate Google, Amazon, and other major infrastructures, or trying to compromise a user access point?”

Because phishing is a relatively inexpensive attack method — not to mention a rather successful one — it’s unlikely to be on the decline any time soon. Baker emphasized the economic impact of phishing by stressing one of the most costly side effects of these attacks: employee downtime. She shared statistics from a recent Ponemon Institute study that show that organizations with ~10,000 email users sacrifice an estimated $1.8M each year due to lost productivity from phishing attacks.

Baker closed the presentation by discussing Wombat’s Continuous Training Methodology, a unique approach that has been proven to aid in knowledge retention and effectively change employee behaviors over time. “Attacks happen year-round,” she said, “and so should training.”

To hear more about the technical advantages of our ThreatSim anti-phishing assessments and see examples of our simulated attacks, Teachable Moments, and training modules, as well as view results from several of our customer case studies, access the Dark Reading webinar on demand. Registrants will receive access to PDF copies of Ponemon’s Cost of Phishing & Value of Employee Training, Wombat’s 2016 State of the Phish Report, and a Wombat case study.