Stephen Burke, Founder and CEO at Cyber Risk Aware:
“The effects of a spear phishing campaign can be far reaching such as ransomware, data breaches or financial fraud due to fake CEO emails, companies must ultimately have a ready to go and fully tested incident response plan.
It goes without saying that technical defences are required such as email filtering /gateways and anti-virus. However with over 35% of malicious emails getting through current defences as criminals regularly test emails and malware against these defences, the main focus for companies must be to help their staff know to what to look for both at home and in the workplace. Companies need to help build a human firewall and a last line of defence to effectively protect their network. This can be through email security awareness training but more importantly, to regularly test staff with mock phishing campaigns to track whether they engage with it and provide instant “awareness moments” feedback if they do. Ultimately, this encourages employees to check emails in a lot more detail and think before they click.”