Some things just go together: Bacon and eggs, peanut butter and jelly, Batman and Robin … anti-phishing technology and security awareness training.
Phishing attacks continue to be the root cause of 95 percent of cyber breaches (a fact we hope you won’t forget amongst all the other things you’ll see/hear/read during Cyber Security Awareness Month). And in its latest 2020 Market Guide for Email Security (ID: G00722358), Gartner continues to recommend anti-phishing behavioral conditioning (aka security awareness training) as phishing attacks continue to become more sophisticated.
However, Gartner also goes on to state that security awareness training needs to be complemented by technology investments such as Integrated Email Security Solutions (IESS) for their advanced phish detection capabilities, acknowledging that “user awareness is not 100% effective.”
Why Both Technical Controls and Training?
According to a recent survey conducted by Osterman Research, nearly 60 percent of employees were not confident in their abilities to identify a social engineering attack. But on its own, security awareness training isn’t sufficient to defend against phishing attacks.
The effectiveness of security awareness programs also varies. While they can help reduce phishing risk, organizations must make a concerted effort to continue awareness programs, as phishing awareness training wears off after only a few months. Other studies indicate that while training was perceived as effective, it did not actually reduce employee susceptibility to phishing.
Yet another study, published in September in the Journal of Cybersecurity, noted that “when a user’s work context was well aligned with the phishing email premise, they were more likely to attend to compelling cues, and completely ignore or largely discount suspicious cues.”
Why Security Awareness Won’t Stop Breaches from Phishing
Organizations are often required to deploy security awareness training to meet regulatory, legal, or industry requirements. But even when organizations are required to implement training, recent cybersecurity incidents demonstrate that phishing attacks still succeed.
Universal Health Services (UHS), one of the largest healthcare services providers in the United States and United Kingdom, was forced to temporarily shut down systems due to a ransomware attack initiated through a successful phishing attack. The ransomware in question, Ryuk ransomware, is particularly concerning for the healthcare industry as it can propagate and infect Internet of Medical Things (IoMT) devices.
Imaging provider Assured Imaging was hit by an attack that exposed records of nearly 245,000 patients. The compromised electronic health record system held full names, addresses, dates of birth, patient IDs, and other medical information.
BancoEstado, one of Chile’s largest banks, shut down all branches after a ransomware attack infiltrated the company through a malicious phishing email. The attack originated from a malicious Microsoft Office document sent to an employee.
So, while security awareness training helps organizations meet their regulatory and legal requirements to educate employees, it’s clear from these incidents at organizations subject to security awareness training requirements that training doesn’t stop phishing breaches.
Further, not only do phishing breaches still occur after security awareness training is implemented, but the cost of recurring training can be significant. Plus, employees often view security training, and the responsibility of taking the time to analyze and evaluate whether an email or a link seems authentic, as a hindrance to productivity.
Training can also leave a false sense of security because copyright laws restrict the use of brand logos without the brand’s permission. So spoofed test emails are easier for employees to recognize than hacker phishing emails. Hackers don’t care about copyright laws and use logos without the brand’s permission (PS: DMARC won’t catch brand spoofs either).
Lastly, business today is mainly online. Security awareness training can make employees fearful of online interactions and can be counter-productive to getting work done.
To best protect from phishing breaches, Gartner recommends organizations deploy advanced technical controls to block as many phishing attacks as possible, supplementing any user training or awareness programs that are already in use.
Specifically, organizations should look at advanced technical controls that “detect threats before they arrive at the user’s inbox.” Area 1 Security is honored to have been included by Gartner in the 2020 Market Guide for Email Security as an IESS with advanced capabilities including “machine-learning-based detection trained on existing emails, image analysis, account takeover detection and image recognition of URLs to identify phishing attacks.”
Get Ahead of Phishing Attacks
If your organization is struggling to get ahead of phishing attacks, even after implementing legacy defenses or user training, Area 1 Security can help immediately close that gap in a proactive, comprehensive and accountable way. To learn which threats are bypassing your current defenses, request a complimentary Phishing Risk Assessment.