In cybersecurity, there’s a best practice called Defense in Depth. The idea behind Defense in Depth is very simple. Put up a bunch of different types of barriers instead of just relying on one. This way, no matter what attack vector the enemy chooses, you’re covered.
Defense in depth is a pretty sound cybersecurity strategy, one which many companies employ, except for when it comes to phishing protection.
The one thing everyone agrees on is that users are the weak link in the phishing prevention chain. But, the big question is, what to do about it? Judging by the headlines recently, it seems the issue has been settled and the consensus answer is phishing awareness training. According to Cybersecurity Ventures, “the market for security awareness training will reach $10 billion annually by 2027, up from roughly $1 billion in 2014.”
Awareness training isn’t the problem. In fact, it’s part of the solution. The problem occurs when organizations forget about Defense in Depth and rely solely on awareness training to prevent phishing.
Phishing awareness training alone will not protect your company because all the training in the world won’t get the click rate of employees down to zero. And it only takes one click to infect your entire organization.
Phishing prevention takes more. It takes cloud-based, real-time scanning technology for those times when your well-trained employees get distracted and click on a malicious link unintentionally.
When I see headlines like Why phishing education has never been more critical to your business, I always wonder why I don’t see headlines like Why phishing prevention technology has never been more critical to your business. Afterall, they’re both part of a Defense in Depth strategy to prevent phishing, the number one cause of cyberattacks.
If you want to train your employees to stop phishing emails, go ahead. But do yourself a favor. Do it as part of a more holistic approach to phishing prevention. When you’re ready to deploy a Defense in Depth strategy at your company to make it tough on cybercriminals, head on over to Phish Protection. It works with all email clients. Try it free for 30 days.