Cofense: Why it’s time for everyone to defend against phishing

Employees of all levels can be harnessed to help protect their organisations from falling victim to the next big phishing attack, leading security experts have said.

Speaking to TechRadar Pro this week, Aaron Higbee, CTO of Cofense, says it’s not just the responsibility of IT teams or security experts to spot threats - particularly as many phishing attacks now target low-level employees.

“What (companies) are not paying attention to is that today’s phishing attacks are quite different,” he told us. “The things that our customers are facing today are remarkably different than what they were facing a year and a half ago.”


Cofense operates a range of services that lets anyone within an organisation flag potential phishing threats, and Higbee notes that in contrast to recent reports, the company has detected a rise in hackers going after low-level employees rather than the traditional c-level targets.

“It's that social engineering aspect where these guys are just getting smarter and smarter, which means we need to continuously adapt the way in which we're educating our workforce of what to look at.”

Finance-related emails remain a popular tactic, with businesses in all verticals capable of falling victim to a payroll or benefits-related scam email. But worryingly for many companies, that’s not all.

“There's innovation happening from the attackers perspective - the attack are quite different even to just a year ago,” Higbee says.

“What ends up happening is an attacker will have some degree of success with a tactic until they're sufficiently frustrated by some defense automated awareness - and at that point they have to change,” he adds - noting that this is often when organisations can be most at threat. 

“An organisation is exposed because they have to wait for the defense technologies to notice that to implement effects to test the effects, roll it out - and during that dwell time, those phishing attacks are successful.”

Higbee notes that Cofense looks to help bring different areas of the workforce together in helping keeping everyone safe from phishing threats.

“The problem is, you're never done - threat actors are relentlessly innovating to develop new ways to bypass the gate, so you have to continuously evolve your approaches.”

“One of the mantras that I think we've done a good job at destroying was the human is the weakest link,” he says. “We want to help you identify who is good at spotting phishing away from just IT people...If you can figure out who your stars are, and operationalise their insight and their intuition, you can stay on top of that.”

“If you double click into what the phishing threat landscape is, it has changed remarkably, and it continues to evolve,” Higbee says, “For an infosec person, it's almost tedious, it's an annoyance that we still haven't solved this problem!”

How It works

Search Crack for

Latest IT News

May 20
Microsoft has patented an automated travel diary tool.
May 17
Users also get the ability to create polls directly from within the Tweet Composer.
May 16
Microsoft’s KB4494441 update is so good it installs itself twice.
May 14
Adobe Lightroom is getting in-app tutorials along with a host of new editing tools.
May 13
Putting together an online portfolio of your work doesn't have to be difficult or expensive.
May 11
Where you are determines how you conduct yourself online, report says
May 10
Everyone can play a part in stopping the next big phishing attack, Cofense says

Latest cracks