Cofense: Why it’s time for everyone to defend against phishing

Employees of all levels can be harnessed to help protect their organisations from falling victim to the next big phishing attack, leading security experts have said.

Speaking to TechRadar Pro this week, Aaron Higbee, CTO of Cofense, says it’s not just the responsibility of IT teams or security experts to spot threats - particularly as many phishing attacks now target low-level employees.

“What (companies) are not paying attention to is that today’s phishing attacks are quite different,” he told us. “The things that our customers are facing today are remarkably different than what they were facing a year and a half ago.”


Cofense operates a range of services that lets anyone within an organisation flag potential phishing threats, and Higbee notes that in contrast to recent reports, the company has detected a rise in hackers going after low-level employees rather than the traditional c-level targets.

“It's that social engineering aspect where these guys are just getting smarter and smarter, which means we need to continuously adapt the way in which we're educating our workforce of what to look at.”

Finance-related emails remain a popular tactic, with businesses in all verticals capable of falling victim to a payroll or benefits-related scam email. But worryingly for many companies, that’s not all.

“There's innovation happening from the attackers perspective - the attack are quite different even to just a year ago,” Higbee says.

“What ends up happening is an attacker will have some degree of success with a tactic until they're sufficiently frustrated by some defense automated awareness - and at that point they have to change,” he adds - noting that this is often when organisations can be most at threat. 

“An organisation is exposed because they have to wait for the defense technologies to notice that to implement effects to test the effects, roll it out - and during that dwell time, those phishing attacks are successful.”

Higbee notes that Cofense looks to help bring different areas of the workforce together in helping keeping everyone safe from phishing threats.

“The problem is, you're never done - threat actors are relentlessly innovating to develop new ways to bypass the gate, so you have to continuously evolve your approaches.”

“One of the mantras that I think we've done a good job at destroying was the human is the weakest link,” he says. “We want to help you identify who is good at spotting phishing away from just IT people...If you can figure out who your stars are, and operationalise their insight and their intuition, you can stay on top of that.”

“If you double click into what the phishing threat landscape is, it has changed remarkably, and it continues to evolve,” Higbee says, “For an infosec person, it's almost tedious, it's an annoyance that we still haven't solved this problem!”

How It works

Search Crack for

Latest IT News

Jul 18
Microsoft’s revamp of Edge is good news for anyone who uses a Chromium browser on Windows 10.
Jul 16
Data privacy issues block Microsoft Office 365 use in some German schools
Jul 12
Budgeting solutions that can do the heavy lifting when it comes to analyzing your financial situation.
Jul 8
The new Debian has been over two years in development, and makes some impressive strides forward.
Jul 6
After eight months of user testing, Microsoft is finally rolling out its updated version of Outlook for the web.
Jul 4
Broadcom may be looking at Symantec deal following last year's CA Technologies acquisition
Jul 2
Microsoft is bringing new features to its Office apps to improve their functionality in virtual environments.

Latest cracks