Area 1 Security CEO and former NSA spy Oren Falkowitz explains why tech, training, and education are the best methods for reducing the risk of phishing-based cyberattacks.
Phishing attacks are simple exploits, but they're also devastating. TechRepublic's Dan Patterson met with Oren Falkowitz, CEO of Area 1 Security to discuss why it's challenging to eradicate these simple hacks.
"Phishing attacks really rely on one key element and that is authenticity," Falkowitz said. It lures on the inevitability of users who think they're doing the right thing for their job or their lives, such as replying to emails from their CEO, or other trusted senders.
SEE: Cybersecurity in an IoT and mobile world (free PDF) (ZDNet/TechRepublic special report)
These attacks are primarily distributed via email. It can come in the form of an email with malicious links or an email with a malicious attachment, or it can even have no links or attachments but ask the reader for confidential information.
While it's important for individuals to be aware of the risks associated with phishing, it's also important to not put the blame on the individual for the damage done by the attack, he said. "We need technology to step in to protect users," he said.
"More often than not we need technologies to be making decisions and taking actions to protect the individuals, the organizations they work with, and increasingly the data those organizations protect," he added.
- Infographic: How to identify and avoid phishing attacks (TechRepublic)
- 10 tips for spotting a phishing email (TechRepublic)
- Report: Email attacks increasing, but none as much as impersonation phishing (TechRepublic)
- Phishing, sophisticated attacks most troubling to IT security pros (ZDNet)
- How to prevent phishing attacks in Microsoft Outlook and Office 365: 3 methods (TechRepublic)