Looking for a great metaphor for phishing awareness training? Look no further.
The Firearm Metaphor
In firearms training, every safety instructor is a curmudgeon for a reason. She will tell you a version of this sage piece of advice: keep your finger off the trigger at all times unless you are absolutely intent on firing your weapon.
If you are in rural Oklahoma, the advice is simple. Keep your booger hook off the bang switch! (Yes, this is based on a true story).
All fun aside, this reminds me of the dangerous realities of phishing emails and the need to keep from clicking on links unless you are absolutely intent on launching a URL.
Here are 5 reasons to stay vigilant…
- Prevalence of Suspicious Emails
- 86% of people said they had received more than one suspicious email in the last two weeks. The Living Security platform taught us in 2018 that the vast majority of computer users receive at least one suspicious email every two weeks (with some respondents indicating 5+ suspicious emails in the given time frame).
- Risk Perception (High)
- The Living Security platform also taught us that 64% of people felt their role made them a moderate to high risk target to cyber criminals. Higher risk perception often indicates the presence of sensitive data, especially for those with privileged access or influence.
- Deception Tactics
- In Q1 of 2019, malicious URLs outnumbered attachments 5-to-1, with benign looking .com top-level domains being involved 69% of the time. The kicker is that -- you know that lock in the upper-left hand corner of the URL bar? -- the majority of PHISHING links had it (https://). Deceptive tactics greatly increase the believability of a URL.
- Volume of Phishing Emails
- People are now 20x more likely to be robbed at their computers by a cyber criminal than to be held up in the street. To put the issue into perspective, the IRS reported a 60% surge in phishing attacks in 2018, while the 2018 Phishing Trends Report by PhishLabs highlights a 237% increase in attacks targeting SaaS systems.
- Fear and Unquantifiable Feelings
- Even “feeling vulnerable increases fraud vulnerability!” An unhealthy level of paranoia and fear take an emotional toll on employees and significantly increases decision fatigue with emails.
The good news is that, with training, people are also the best sensors. YOU are the best sensor!
Anyone can be shown to report suspicious email at a higher rate than clicking the bait. Phishing training awareness like this will tip the scales in favor of defenders keeping 'booger hooks' from getting too near the 'bang switches' in the first place. If you know what I mean…