Security professionals are working hard to defend their organizations from cyberattacks through a combination of training, policies, and technology. But, despite all that work, phishing attacks still account for 70-90% of all malicious data breaches.
Why? In short, threat actors are innovators…but not in a good way. They spend considerable time and effort gathering detailed personally identifiable information (PII) on their intended targets and they are constantly innovating on ways to leverage it. They need to know all the personal details about the executives and employees they’re targeting. Details about the targets’ background, relationships, and family, their shopping habits and interests, their frequent business contacts and partners, all feed into the social engineering strategy.
On May 19, 2022, we had the privilege of hosting a webinar discussing how personal information, especially that which is found on the open web, feeds into the ever-growing corporate risk of phishing attacks.
Our speakers, Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 [the world’s first and largest new-school security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering], and Rob Shavell, CEO of DeleteMe, gave us many important takeaways, including:
- Publicly available PII is a growing source of phishing risk for organizations
- Passwords and multi-factor authentication (MFA) are easier to hack than most think
- The more PII that can be removed from the internet, the better off you’re going to be against all types of social engineering attacks
- Risk-mitigation should be a mix of workforce training & active PII-protection
If you’re interested in listening to the full webinar on mitigating phishing risk with Rob and Roger, the recording is available on demand now.
If you’d like a copy of the slides from the webinar, contact us and let us know!