We know why phishing works; we know how it works. And yet the schemes still work, and they're only getting more effective. How can we stop phishing? Jim Hansen of PhishMe has some ideas, and they just might surprise you.
Hansen, COO of anti-phishing vendor PhishMe, says it isn't about throwing more technology at the problem, and it certainly isn't about blaming the users for being duped by fraudsters.
Instead, he says, it's about training the users to be your first - and most effective - line of defense.
"If folks are aware of what the problem is, let's show them how to identify it, and let's encourage them to report it instantly," Hansen says. "And let's get that data in the hands of the IT security professionals that can figure out 'is this a real threat or not? How do we stop it? How do we get the rest of the organization to not fall for it?'
"You can make exponential spend on security technologies themselves and probably get a little bit of additional risk reduction," he says. "But here we've got a whole area that has been fundamentally untapped by many organizations. So, a modest spend, with some time and some energy, could instead bring a huge change to the security posture of an organization."
In an interview about phishing defenses, Hansen discusses:
- Today's most successful phishing schemes;
- Why technology solutions alone are ineffective;
- How PhishMe seeks to empower the user to spot and report phishing scams.
PhishMe executives will be attending RSA Conference 2017 to discuss the latest anti-phishing strategies and solutions.
Hansen has more than 22 years of experience in information security. Before joining PhishMe, Hansen was one of the founders and COO of Mandiant, and he held executive and management positions at Trident Data Systems (acquired by Veridian), Veritect (acquired by General Dynamics), Foundstone (acquired by McAfee) and Oakley Networks (acquired by Raytheon). He also was deputy director of computer crime investigations for the Air Force Office of Special Investigations.