Phishing Attacks are on the Rise, and Cyber Awareness is One of Your Best Defenses

Oct 31, 2022 · 5 mins
Network Security

Credit: iStock

Cybersecurity Awareness Month has come to an end, yet security should be a top priority all year round for organizations of all shapes and sizes.

The threat landscape is constantly evolving, with cybercriminals finding new ways to trick unsuspecting victims and infiltrate networks. For example, according to the 1H 2022 FortiGuard Labs Threat Report, ransomware is rampant, showing no signs of slowing its pace. These attacks are becoming more sophisticated and aggressive, with attackers introducing new strains and updating, enhancing, and reusing old ones. What’s especially concerning as we look back at the first half of 2022 is that we observed 10,666 ransomware variants, compared to just 5,400 in the previous six months. That’s nearly 100% growth in ransomware variants in half a year.

Attackers deliver ransomware to an unsuspecting victim in many ways. Yet, phishing—a cybersecurity threat that targets users directly through email, text, or direct messages—is the number one attack vector associated with ransomware.

As a result, your employees are more often than not the first line of defense against phishing attacks. That’s why providing ongoing cybersecurity awareness training for everyone in your organization is essential to guarding against phishing attempts and, ultimately, to strengthening your security posture.

Employee Cyber Awareness (or a Lack Thereof) Impacts the Bottom Line

An effective CISO and a world-class security program staffed by well-trained analysts are critical to any organization’s security posture. Still, these elements alone aren’t enough to “win” the battle against attackers and stop cyber threats. Regardless of their role, every person in an organization needs to have basic cybersecurity knowledge to defend the business against clever threat actors.

Recent studies show that your employees are critical in stopping cybersecurity incidents. According to the Verizon 2022 Data Breach Investigations Report, 82% of successful breaches involved the human element. And the Fortinet 2022 Cybersecurity Skills Gap Report notes that 80% of respondents said their organization suffered one or more breaches that they could attribute to a lack of cybersecurity skills or awareness.

It’s no secret that the stakes are high when it comes to security incidents, yet data shows us just how damaging they can potentially be to an enterprise. The same Fortinet report shows that 64% of organizations experienced breaches that resulted in lost revenue during the past year, and a staggering 38% of organizations reported that breaches cost them more than a million dollars.

Every employee must be aware of the common methods threat actors use to breach networks so they don’t fall victim to these attempts. This requires ongoing cybersecurity awareness training. Training equips employees with the skills and knowledge needed to understand cyber risks, how they impact the business, and how to detect a potential attack.

Help Your Employees Spot Phishing Attempts

When implementing an ongoing, organization-wide education program, identify key areas that present the most significant risks to the end user (and your business). In the case of phishing, offer employees practical tips for identifying a potential phishing attempt. For example, encourage them to review emails closely—verifying the sender’s address, reviewing the grammar and spelling, and mousing over and inspecting any links or attachments—before taking action. 
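Two of the manual checks above, verifying the sender's address and looking at where a link really goes, can also be automated, for example in a mail gateway rule or as a training exercise. The following Python script is an added example, not code from the original post or from Fortinet; it runs both checks on a constructed sample message in which every address and domain is made up, and it assumes a single-part HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every address and domain in it is made up.
SAMPLE_EMAIL = """\
From: "helpdesk@example-corp.com" <alerts@mail-login-verify.example>
Content-Type: text/html

<p>Your password expire today. Reset it <a href="http://login.example.net/reset">here</a>
or at <a href="http://login.example.net/reset">https://portal.example-corp.com/reset</a>.
Policy: <a href="https://intranet.example-corp.com/policy">intranet.example-corp.com/policy</a></p>
"""
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # text that names a host

class _LinkCollector(HTMLParser):
    # Collects (visible text, href) pairs for every <a> element in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def check_sender(from_header):
    """Domains named in the display name that differ from the real sender's domain."""
    name, addr = parseaddr(from_header)
    real_domain = addr.rsplit("@", 1)[-1].lower()
    return [d for d in re.findall(r"@([\w.-]+)", name) if d.lower() != real_domain]

def check_links(html_body):
    """(shown host, actual host) pairs for links whose visible URL text points elsewhere."""
    parser = _LinkCollector()
    parser.feed(html_body)
    pairs = [(_host(t), _host(h)) for t, h in parser.links if LOOKS_LIKE_URL.match(t)]
    return [(s, a) for s, a in pairs if s and a and s != a]

def analyze(raw_message):
    msg = message_from_string(raw_message)  # a single-part text/html body is assumed
    return {"sender": check_sender(msg["From"]), "links": check_links(msg.get_payload())}
```

Plain link text such as "here" is deliberately ignored, since it makes no claim about the destination; only visible text that looks like a URL or host name is compared with the real target.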

For those interested in implementing a training program for their employees there are security awareness and training services available, including the Security Awareness and Training service from the Fortinet Training Institute. Fortinet’s service can provide your organization with customized education programs to help create a cyber-aware culture in which employees are more likely to recognize and avoid falling for common cyberattack attempts.

Implement an Ongoing Cybersecurity Training Program

Making cybersecurity awareness an integrated and continuous part of your organization’s work culture is vital. The best security awareness training programs are comprehensive, current, supported by executives, and engaging so that your staff will learn and be better equipped to defend themselves and your organization against cybercriminals.

While each organization’s security training program will differ based on the unique risks that impact its business, there are several core areas that any program should cover. In addition to phishing attacks and ransomware, consider including modules that educate employees on the following topics: social engineering, social media use, internet and email use, mobile device security, removable media and devices, passwords and authentication, physical security, Work From Anywhere (WFA), public Wi-Fi use, and cloud security.

Move Toward Converging Your Security Technology

While phishing is a popular attack technique among cybercriminals, it’s just one of the many ways bad actors may try to breach your organization. Cybercriminals frequently add new techniques to their playbooks to sidestep defense mechanisms, evade detection, and scale their operations. Our threat intelligence shows that cybercriminals are experimenting with new attack vectors built on familiar exploits, and that they are executing them more frequently.

While well-trained employees are one of your company’s best lines of defense, having the right security solutions in place is just as critical. For example, using a spam filter, updating software regularly, and backing up data are important steps in protecting your enterprise from phishing attempts. Additionally, creating a holistic cybersecurity mesh architecture—instead of stitching together multiple point products—allows for much tighter integration and increased automation, making it easier for your team to coordinate quickly and stop attackers in their tracks.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification program, Academic Partner program, and Education Outreach program—are increasing access to training to help solve the cyber skills gap.