Relying solely on spam filters to protect your organisation from phishing attacks is unfortunately not enough. Today\u2019s cybercriminals are constantly innovating, and they\u2019re targeting our people as much as our technology. <\/p>\n\n\n\n
As phishing attacks become more sophisticated\u2014often powered by AI\u2014we need to think about security as more than just technology; it\u2019s a cultural imperative that involves every employee.” <\/p>\n\n\n\n
Phishing remains the most widely used cyber-attack vector, with a staggering 78%<\/strong><\/a> of phishing attacks in 2022 using sophisticated techniques to bypass email security tools. <\/p>\n\n\n\n Even more alarming, 56% of these attacks<\/strong><\/a> circumvented legacy security filters entirely.<\/p>\n\n\n\n Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 AFRICA, emphasises the gravity of the situation: \u201cThe threat of a data breach for companies is genuine. Traditional approaches like secure email gateways alone aren\u2019t enough against well-orchestrated, human-centered attacks.\u201d<\/p>\n\n\n\n Collard\u2019s own experience serves as a cautionary tale. Despite her expertise in cybersecurity, she fell victim to a cleverly disguised phishing email while in transit. <\/p>\n\n\n\n \u201cI was in an Uber, checking my emails as I chatted to the driver,\u201d she recalls. \u201cI saw an email supposedly from Uber asking me to update my account details. It was an incredible coincidence that I was in an Uber at the time, so without hesitating, I clicked on it.\u201d<\/p>\n\n\n\n This incident underscores a crucial point: even the most security-conscious individuals can be caught off guard when distracted or overwhelmed, a state of mind many employees regularly experience.<\/p>\n\n\n\n Recent studies reveal that at least 14%<\/strong><\/a> of employees regularly click on phishing emails, with distractions accounting for 45%<\/strong><\/a> of these clicks. <\/p>\n\n\n\n The human element remains a critical weak point in cybersecurity defences, but it can also be a powerful asset when adequately harnessed.<\/p>\n\n\n\n Stephen Osler, co-founder and business development director at Nclose<\/strong><\/a>, a provider of cybersecurity services, notes: \u201cTraditional email security measures often focus only on technological solutions, neglecting the crucial human aspect of cybersecurity. While spam filters and secure email gateways play a role, they\u2019re insufficient against modern cybercriminals\u2019 sophisticated social engineering tactics.\u201d<\/p>\n\n\n\n Collard agrees, adding, \u201cIf you want to change human behaviour, you cannot rely on training alone. That is where phish testing plays a crucial role.\u201d <\/p>\n\n\n\n However, she cautions against approaches that shame or instil fear in employees who fall for these tests. <\/p>\n\n\n\n \u201cThe goal should never be to shame individuals who fail the test, as this can have negative consequences,\u201d she explains.<\/p>\n\n\n\n Instead, Collard advocates for a more empathetic approach. \u201cAre staff feeling stressed and overworked? Are they going through financial difficulty? Knowing this will help organisations understand what\u2019s driving employees\u2019 risky online behaviour.\u201d<\/p>\n\n\n\n As cyber threats evolve, so too must our defence strategies. <\/p>\n\n\n\n Innovative solutions are emerging that combine the power of artificial intelligence with the collective intelligence of human users\u2014an approach known as crowdsourcing.<\/p>\n\n\n\n \u201cCrowdsourcing enables users to report phishing campaigns faster than conventional methods,\u201d Collard explains. \u201cImagine tens of thousands of organisations sharing this sort of information. Imagine a blocklist where not just your users\u2019 reported phishing emails end up, but millions from all over the world.\u201d<\/p>\n\n\n\nThe human factor: Both vulnerability and strength<\/h3>\n\n\n\n
Beyond traditional defences: The rise of AI and crowdsourcing<\/h3>\n\n\n\n