Trends Report

S&R Pros Must Empower Employees To Prevent Phishing Attacks

Technology Alone Won't Stop Attacks; Security Awareness Is Critical

August 20th, 2015
Kelley Mak, null
Kelley Mak
Rick Holland, null
Rick Holland
With contributors:
Stephanie Balaouras , Martin Whitworth , Josh Blackborow , Peter Harrison

Summary

In a phishing attack, cybercriminals use email and/or social media to trick employees into revealing confidential information about themselves or their firms or clicking on malicious files or web links that infect their computers with malware. The attacker's phishing tackle box is loaded with specialized hooks to hack into an organization, and too many employees are taking the bait. When the countermeasures security teams employ fail to prevent these attacks, the next level of defense falls on the employee. Yet, current security awareness practices aren't providing the right kind of training to help employees identify and report phishing attacks. In this report, we look at where security awareness is going wrong and how security and risk (S&R) pros can revamp their security awareness programs to empower employees to protect themselves and their firms from phishing attacks.

Want to read the full report?

Contact us to become a client

This report is available for individual purchase ($1495).

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.