4 Myths About DNS Filtering
Trevagh StankardDNS filtering is essential in protecting against web-based threats such as phishing and malware. Here we explain the risks, features, and benefits of DNS filtering and it can protect employees...
Although general phishing attacks send malicious email messages to a mass group of people, spear phishing is much more targeted. Attackers take their time in a spear phishing attack to determine the right target and increase their chance of success. It takes time to create a spear phishing attack, and research is a critical initial step in every strategy. Although a target’s position within the organization and potential permissions on the network are important factors, a recent study shows that some personality traits are more vulnerable to phishing than others.
The study focused on the five basic personality traits: openness, conscientiousness, extraversion, agreeableness, and neuroticism. A brief description of each:
With these traits in mind, researchers performed several rounds of phishing attacks. Statistics were divided into three categories: opened email clicked link and submitted data. Identifying if a user opens an email versus clicks a link and submits data provides a level of severity for human vulnerabilities within the organization. For example, a user might open an email and determine that it’s phishing without interacting with its content. Another user might open the email and click the link, indicating that the user did not know that the email was a phishing campaign. Security teams must focus training efforts on users who do not recognize phishing emails, click links, or submit data.
The researchers found that age and neuroticism greatly affected results. High neuroticism was associated with a greater chance of a user opening the email, while a higher age reduced the chance of the phishing email being opened. An increase in openness and conscientiousness lowered the risk of the phishing links being clicked, but people with high extraversion, agreeableness and neuroticism traits were more likely to click the malicious phishing email link. The same traits affected the likelihood of a user submitting data. Like the statistics for clicking the phishing link, an increase in openness and conscientiousness lowered the risk of the phishing links being clicked, but people with high extraversion, agreeableness and neuroticism traits were more likely to click the malicious phishing email link.
Many of the personality traits that increase risk of a security vulnerability also help with certain job functions, so the answer isn’t to hire based on personality but to train users and install the right infrastructure. For example, sales and marketing people might generally be extraverted to help with their job functions. Corporations can work with people containing these specific traits so that they can identify and detect a phishing email rather than interacting with it.
Security awareness training should always be a part of corporate onboarding. Training empowers users to recognize spear phishing and understand the implications of falling for a malicious email. Security awareness training can be materials available to employees on the network, or businesses can offer web-based training videos and content. Periodic phishing tests and exercises tell administrators when any employee needs more training. Phishing tests track user interaction with phishing messages, and any users tricked into interacting with them or submitting sensitive data can be retrained.
Email filters are also necessary for any organization. They take the human factor out of phishing security and stop messages from reaching the intended targeted recipient. Security filters use artificial intelligence to identify suspicious messages and quarantine them so that an administrator can further review messages for any spear phishing content. Any messages identified as spear phishing can be analyzed to figure out if any other attacks are targeting a specific employee, so the employee can be notified.
TitanHQ SpamTitan is an easily configured full phishing security solution that blocks general and targeted spear phishing. To get started, check out how SpamTitan can greatly reduce your organization’s risk of being the next victim of a data breach.
Did you know that phishing remained the second most prominent cause of data breaches in 2021? The tactic is quite old, and we’re all probably familiar with it now, yet many employees still fall for it.
Most often than not, staff can’t tell a phishing email from a legitimate one. However, concerns such as this are addressable through security awareness training. Be safe, not sorry. If you feel the urgent need to empower your team with security awareness, contact TitanHQ. Our elite cyber experts will be happy to help you and your team learn how to protect your brand and your assets.
Take our Security Training Awareness Quiz
PhishTitan is an advanced phishing protection solution for companies using M365, powered by AI technology. Sign up for our Free Demo to learn more.
Free DemoDNS filtering is essential in protecting against web-based threats such as phishing and malware. Here we explain the risks, features, and benefits of DNS filtering and it can protect employees...
Uncover the dangers of workplace password sharing and outdated practices. Learn about secure alternatives like shared mailboxes and permissions and explore modern security practices in this must-read blog.
The imminent Cisco Umbrella Roaming Client End-of-Life has left many users uncertain about their next steps and exploring alternative DNS protection.
Sign-up for email updates...