International Cyber Expo International Cyber Expo
  • About Us
Sunday, 12 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Don’t be a fool about endpoint protection

by The Gurus
June 5, 2020
in This Week's Gurus
phishing
Share on FacebookShare on Twitter

In the U.S., 35 percent of working-age adults do not know what phishing is. Considering the average office worker can see up to one risky email a day, that’s quite alarming. Clearly, this awareness gap is putting both business data and systems at risk. Factoring end users into the endpoint protection equation just makes sense.
Discussions about phishing prevention are on the rise, which is good. Unfortunately, that’s partially at the expense of organizations and end users. When companies like Google and Amazon make the news because attackers are corrupting their brands in order to propagate phishing scams, there are certainly more conversations — but at the tradeoff of more compromised networks, accounts, and devices.
But even though more and more companies and individuals are falling victim to phishing emails, and publications and news outlets are shining a light on this threat vector, that doesn’t mean end users have a solid awareness of this threat or that they’re actively trying to avoid these types of attacks. Those who do have some sense of the risk phishing messages pose are complicating the matter in another way: overconfidence.
A recent study published by the University of Texas at San Antonio found that a growing reason many end users fall for phishing scams is due to overconfidence; they simply believe they are smarter than the actors responsible for an attack. This is leading to a carelessness that is compromising endpoints with alarming regularity.
Compounding the problem is the fact that phishing messages are becoming more sophisticated. While overconfident users are looking for Nigerian prince emails, attackers are developing more targeted and more detailed messages that are exceedingly sophisticated and difficult for even infosec professionals to spot. And with ransomware on the rise and continuous advances in malware, these attacks can come with some crippling payloads.
The reality is that end users — and their decision-making skills — are attached to a vast number of your endpoints. If you are not continually educating employees about how to spot the evolving techniques and nuances cybercriminals are using to attempt to penetrate your defenses, you are allowing unnecessary risk to percolate within your security chain.
The first step in an effective security awareness training program is assessing employees’ depth and breadth of knowledge, and attempting to identify your organization’s most pressing susceptibilities. Though we’ve talked almost exclusively about phishing within this piece, the reality is that end-user risk management is bigger than email-based attacks. Many of the worst breaches we’ve seen of late weren’t caused by a single mistake, but rather a series of them. Typically, multiple employees could have taken action to stop an attack if they knew what to look for. A comprehensive training program helps to fill in the knowledge gaps, which can mean the difference between a single compromised endpoint, and a major data breach. As such, it’s important to assess your users and figure out where your organization’s gaps and weak links really are.
Some of today’s best security awareness programs incorporate phishing simulations, which allow companies to evaluate end users’ susceptibilities without exposing their networks to an actual attack. To ensure longevity, choose a tool that supports customizable email templates, multiple types of attachments, data entry fields, and the ability to test users’ recognition of embedded links and spoofed senders. Content updates are also critical, as cybercriminals are always coming up with new attack scenarios. Tools that regularly provide new and refreshed templates and materials help to ensure your program remains relevant and effective.
When using assessment tools like simulated attacks, it’s important to have a plan and measurable goals; this will allow you to take your program to another level. A good place to start is measuring failure rates (i.e., interactions with simulated phishing emails). Tools that allow you to dig in and analyze failure rates by user attributes — like department, office location, and manager — give you visibility into important susceptibility metrics and variations between groups, job functions, and geographies. It’s also valuable to be able to identify users who have had multiple failures — so-called “repeat offenders” — as this allows you to work with managers and your HR department to adjust access permissions and develop other escalation paths that will help employees become more careful (and keep your endpoints more secure).
A step that organizations sometimes overlook is delivery of ongoing cybersecurity training. Simulations are great for assessing end users’ ability to detect attacks, but they have a limited ability to educate employees about the breadth of techniques attackers use. The most successful program administrators educate end users about the types of threats they will encounter and give them the knowledge and well-placed confidence — not overconfidence — they need to make good decisions. The most sophisticated programs educate their users multiple times per year, opting for short and easily digestible lessons that don’t just teach new concepts but also help to reinforce previous lessons to prevent knowledge loss. Look for an education tool that offers brief, focused modules that will allow you to regularly provide training without overwhelming end users. If you can automatically assign training to employees who fall for a simulated attack, that’s a great advantage. This allows users to more clearly connect the dots between the phishing simulation and the follow-up education. If you send a simulated attack in January and then don’t provide training until August, you’ve lost any possibility for a logical connection between the two events.
Phishing can have serious impacts on endpoint security, which in turn can affect your organization’s intellectual property, reputation, customer confidence, and other important business indicators. If you are involved with developing an endpoint protection strategy, don’t be foolish and overlook how your end users’ awareness and knowledge (or lack thereof) play into your metrics for success.
By Kurt Wescoe, Chief Architect at Wombat Security Technologies

Tags: CyberendpointProtectionsecurityTechnology
ShareTweet
Previous Post

New Bill Aims to Ban Warrantless Phone Searches at the US Border

Next Post

Financial services firms prepare for influx of new cybersecurity regulations, according to survey from Duff & Phelps

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol