The most popular Massachusetts summer beach vacation destination, Cape Cod, has seen an unusual spike in shark sightings this summer. Marine biologists aren’t saying that means there are more sharks than usual, but that they are swimming closer to shore. Thanks to the increasing number of drones and cellphone videos, it seems like Cape Cod is experiencing a Shark Summer. And it’s having an impact on summer activities, as many beaches are closed and swimmers are warned to stay close to the shore. No one wants to slip up and take the risk of inviting the next shark attack, particularly after a fatal attack last summer.

This summer, the shark threat isn’t just in the water. The kind of shark threats I’m referring to are the cybercriminals and hackers who have successfully lured in high-profile victims for a phishing attack. Here are some of the major attacks we’ve seen this summer:

Amazon Prime Day shoppers may have been lured in by hackers using a phishing kit that lets anyone design emails mimicking legitimate tech businesses. It’s pretty low-level phishing, as far as attacks go – more like a day of catching minnows rather than deep-sea trophies – but very effective against those looking to grab the best deals.

Attackers got a little more creative in a scam against American Express. Just as a fly fisherman uses inventive lures to attract trout, these phishers used a base HTML element that tricked spam filters into believing it was a legitimate URL, so the email was delivered to inboxes. Then it relayed a sense of urgency: users needed to take action by clicking this legitimate-looking link or have their accounts suspended.

GDPR reeled in its biggest catch in terms of fines (so far) when “weak security allowed user traffic to be diverted from the British Airways website to a fraudulent page,” according to CNN.
This allowed hackers to harvest all types of sensitive passenger data, and now BA faces up to $230 million in fines, a GDPR record.

In Bulgaria, a hacker gained access to a government database and compromised the records of 5 million out of the country’s 7 million residents. A single shark attack can impact an entire beach and its surrounding neighborhood. In this case, a single hacker can impact an entire country.

No one is immune

No organization is immune from the threat of a phishing attack and its aftermath. We talk a lot about how cybercriminals are becoming more sophisticated in their attempts to stay one step ahead of security systems, but only the American Express hack above could be considered sophisticated, or at least more sneaky than usual.

Instead, phishing attacks target the weakest link in security – humans. Hackers smell the blood and go after it, knowing that someone is going to make a mistake and turn into prey. That’s why CISOs and the security team need to rethink their approach around phishing attacks. There is a tendency to trust our email messages, especially if one appears to be from a known person or a familiar company. Instead, we have to mistrust everything and be hypervigilant when wading into the murky waters of our inboxes. That means encouraging staff to take the extra minute or two to contact the presumed sender directly and ask if the email is legitimate, or to manually type in the company’s URL rather than click a link.

Reeling in the phish

Decreasing phishing attacks is a two-part process: one part training and one part alerting.

Most employees struggle to tell the difference between a legitimate email and a phishing attack. Even those with a solid security background will struggle at times to tell the difference.
Even though many companies now provide mandatory training, it often assumes that everyone is at the same level of knowledge, and even then, training is often just listening to a webinar or taking a quick quiz and that’s the end of it. Many employees don’t absorb or retain the training and go back to their normal risky email and link-clicking behaviors.

Training needs to dive deeper. It could begin with a survey that assesses each employee’s cybersecurity sophistication and build the training from there. It should also reinforce how employee behavior can impact company operations. The training should stress the importance of unique passwords and address other bad behaviors. Training is great, but it only goes so far.

That’s where alerting comes in. With the right tools, it will be possible to monitor how employees use passwords and how they behave online. These tools will also help customers practice better habits when they are on a company website and reduce risks for both them and the business.

In addition to the standard tools and processes, intelligence software will be needed. For instance, if your employees browse the web during their lunch hour or use their personal devices to access the enterprise network, software from a company like Covered Security can apply intelligence to browsing behaviors. Companies like KnowBe4 and Cofense provide the software intelligence for anti-phishing training.

Despite the high numbers of shark sightings in the Cape Cod waters, community officials have been able to stave off attacks through effective threat warnings and working with their neighbors. That same approach can work with phishing attacks. Rather than work in silos, security professionals should work together to come up with effective threat strategies, better training and intelligence alert systems in an effort to keep phishing attacks at a minimum. The hackers are always going to be circling; it’s up to us to make sure they don’t bite.
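
A defensive check for the base HTML element trick mentioned in the American Express item above, added here as an example and not taken from the original article. In HTML, a `<base href>` element supplies the host for relative links, so a filter that inspects only each `href` sees a bare path; this sketch resolves links the way a mail client would and flags relative links that land on a host outside an allowlist. The sample message, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collects the first <base href> and every <a href> in document order."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if not href:
            return
        if tag == "base" and self.base is None:  # only the first <base> counts
            self.base = href.strip()
        elif tag == "a":
            self.hrefs.append(href.strip())


def resolve_links(html):
    """Return (base, [(raw_href, resolved_url), ...]) as a mail client sees them."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    links = [(h, urljoin(parser.base, h) if parser.base else h) for h in parser.hrefs]
    return parser.base, links


def flag_base_rewrites(html, trusted_hosts):
    """Flag relative links that <base> points at a host outside the allowlist."""
    base, links = resolve_links(html)
    flagged = []
    for raw, resolved in links:
        raw_parts = urlsplit(raw)
        is_relative = not raw_parts.scheme and not raw_parts.netloc
        host = urlsplit(resolved).hostname
        if base and is_relative and host not in trusted_hosts:
            flagged.append(resolved)
    return flagged


# Constructed sample: the visible text names the brand, the href is only a path,
# and the real destination host is supplied by <base>.
SAMPLE_HTML = """<html><head><base href="https://collector.example/"></head><body>
<p>Act now or your account will be suspended.</p>
<a href="verify/login.html">https://www.brand.example/verify</a>
<a href="https://www.brand.example/help">Help</a>
</body></html>"""
TRUSTED = {"www.brand.example"}

if __name__ == "__main__":
    for url in flag_base_rewrites(SAMPLE_HTML, TRUSTED):
        print("base-rewritten link to untrusted host:", url)
```

The absolute link to the trusted host is left alone; only the relative link whose destination comes from `<base>` is reported.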