When a company is phished, the timeframe between a user’s click and an alert reaching the security team is crucial. According to recent user test data*, you have 16 minutes until the first click on a phishing campaign, while the first report from a savvy user won’t arrive for 28 minutes. Attackers rely on phishing as a primary strategy because it continues to be both effective and efficient, and users remain the most vulnerable attack vector. Earlier visibility, however, helps admins respond faster.
The best defense against phishing is proactively educating your users through a shame-free campaign that prepares them for real-world phishing attempts. Along with teaching your users what to watch for, an internal phishing exercise can result in faster user reports of possible phishing attempts and reinforce your security response plan.
* 2018 Verizon DBIR, page 3
Josh Green is the Solutions Engineer for Duo Security’s London office, providing pre-sales engineering support for organizations of all sizes. He works closely with everyone from CIOs, CISOs, IT Security, IT management and staff on product education, planning and deployment of Duo Security products. Josh has been working in the cybersecurity space for the past 7 years dealing with Identity Management, Vulnerability Management, and Authentication. He speaks 4 languages, and in his spare time, enjoys learning new ones.