We read so much in the news these days about the financial cost, brand erosion, and reputation damage that comes with data breaches at companies both large and small. In the midst of all the activity to make sure that your assets are as impenetrable as possible, people sometimes forget that one of the leading causes of breaches is a successful phishing attack against a company’s employees.
A phishing, or social engineering, attack is an attempt by a threat actor to acquire confidential information through any form of interaction with a victim. A form of phishing is spearphishing, which is when a hacker targets a specific individual – usually under the pretext that they have legitimate business to conduct – to acquire sensitive information from them or as a means to deliver malware that then enables the criminal to infiltrate the victim’s network. While, educating and training your employees to take caution with their online activities is one of the best ways to stop breach attempts, much more can be done to detect, or even block, phishing and spearphishing campaigns before they can do any damage.