Protection from Phishing, is it Possible?
Arguably one of the greatest cyber threats to any business is phishing. But what can we do to protect against it? What hardware or anti-phishing software is available? And can a business remove 100% of the risk from phishing?
Here at SKALES we’ve discussed various solution types, but today we will discuss the general question: can we adopt protection against phishing that achieves 0% risk?
Any organisation using email will have received spam. Someone, somewhere has sourced your email address. If addresses are not supplied to mailing lists, they’re typically acquired illicitly by reading the addresses of other recipients within an email. Often, however, email addresses are scraped and collected by crawlers (computer processes or programmes that search the internet for data) and unfortunately passed or sold between entities. In 2019 a security researcher found a database of 800 million email addresses; you can read more about that here.
Sometimes, however, they’re simply guessed. Using standard formats such as . may be convenient for the business, but it’s also convenient for an actor with illicit intent. Unfortunately, this means it’s likely that someone has your email address who you’d perhaps rather did not.
Protection from Phishing
The best form of phishing protection is the secure email gateway (SEG). It is the first line of defence and will typically process the vast majority of spam, preventing phishing from reaching staff. You can read more about SEG and similar controls here.
Once an email has arrived, we’re reliant on staff to identify where a SEG has failed. We train our staff, but on average 13% remain susceptible. SKALES Guardian reduces the susceptibility of staff by alerting / nudging staff to probable threats.
Organisations should have defined processes and policies for staff to follow, preventing dangerous actions, such as wiring funds to a new account. See our article on policies and processes here.
Next Step to Prevent Phishing and Lower Risk
Additional controls may include device management or network security. For these controls to provide any value, the SEG and the human layer must already have failed. It is best to provide protection from phishing as far up the attack chain as possible, ultimately preventing staff from clicking dangerous links. You can find additional advice on the NCSC website here. Try SKALES today and prevent phishing from impacting your business.