Cofense: Why it’s time for everyone to defend against phishing

Employees of all levels can be harnessed to help protect their organisations from falling victim to the next big phishing attack, leading security experts have said.

Speaking to TechRadar Pro this week, Aaron Higbee, CTO of Cofense, says it’s not just the responsibility of IT teams or security experts to spot threats - particularly as many phishing attacks now target low-level employees.

“What (companies) are not paying attention to is that today’s phishing attacks are quite different,” he told us. “The things that our customers are facing today are remarkably different than what they were facing a year and a half ago.”


Cofense operates a range of services that lets anyone within an organisation flag potential phishing threats, and Higbee notes that in contrast to recent reports, the company has detected a rise in hackers going after low-level employees rather than the traditional c-level targets.

“It's that social engineering aspect where these guys are just getting smarter and smarter, which means we need to continuously adapt the way in which we're educating our workforce of what to look at.”

Finance-related emails remain a popular tactic, with businesses in all verticals capable of falling victim to a payroll or benefits-related scam email. But worryingly for many companies, that’s not all.

“There's innovation happening from the attackers perspective - the attack are quite different even to just a year ago,” Higbee says.

“What ends up happening is an attacker will have some degree of success with a tactic until they're sufficiently frustrated by some defense automated awareness - and at that point they have to change,” he adds - noting that this is often when organisations can be most at threat. 

“An organisation is exposed because they have to wait for the defense technologies to notice that to implement effects to test the effects, roll it out - and during that dwell time, those phishing attacks are successful.”

Higbee notes that Cofense looks to help bring different areas of the workforce together in helping keeping everyone safe from phishing threats.

“The problem is, you're never done - threat actors are relentlessly innovating to develop new ways to bypass the gate, so you have to continuously evolve your approaches.”

“One of the mantras that I think we've done a good job at destroying was the human is the weakest link,” he says. “We want to help you identify who is good at spotting phishing away from just IT people...If you can figure out who your stars are, and operationalise their insight and their intuition, you can stay on top of that.”

“If you double click into what the phishing threat landscape is, it has changed remarkably, and it continues to evolve,” Higbee says, “For an infosec person, it's almost tedious, it's an annoyance that we still haven't solved this problem!”

How It works

Search Crack for

Latest IT News

Oct 17
The browser will no longer highlight sites with EV certificates, and will put more emphasis on SSL encryption instead.
Oct 17
Nvidia’s graphics driver is now embedded in the ISO, plus support for AMD’s Navi GPUs has been introduced.
Oct 16
At a Surface event in London, Panos Panay, Microsoft’s chief product officer, revealed why the company has turned to a rival operating system for its upcoming dual screen phone.
Oct 16
Become more productive and edit text files in any format with this selection of the best free writing software.
Oct 16
There’s a surprising amount of power behind the Calculator app, which is now benefiting from some streamlining.
Oct 16
Safari's new private browsing mode is allowing users to bypass paywalls but don't expect publishers to give up just yet.
Oct 15
As Office 2010 reaches its end of life, Microsoft has laid out all the reasons why Office 365 ProPlus is a better choice than Office 2019.

Latest cracks