“Do Your Part. Be Cyber Smart” is good advice, and this month, M3AAWG joins forces as part of Cybersecurity Awareness Month. This complements the org’s mission to work against botnets, malware, spam, viruses, DoS attacks and other online exploitations.
During the October campaign, “#BeCyberSmart” will help users by educating them on cyber hygiene such as effective passwords and MFA, recognizing and reporting phishing attempts and advocating “security by design” for connected devices. Industry experts suggest companies tap available info to educate employees and avoid opening suspicious emails and files, among other best practices.
The FBI reports that in 2020, phishing was the most common cybercrime; the bureau received more than 241,342 complaints. Further, phishing attacks accounted for more than 80 percent of reported security incidents (Verizon Data Breach Investigations Report). Many such attacks can be prevented by users carefully considering whether to click on emails and attachments from unknown or suspect sources and reporting them when possible.
Earlier in 2021, M3AAWG addressed phishing in a session (https://www.m3aawg.org/blog/m3aawg-51-online-anti-abuse-industry-gathers-to-collaborate-around-longstanding-and-emerging) with NIST. The session, titled “The Phish Scale: NIST’s New Method Helps IT Staff See Why Users Click on Fraudulent Emails,” was led by Jody Jacobs, Information Security Specialist, and Shaneé Dawkins, Computer Scientist, National Institute of Standards and Technology (NIST). It detailed the organization’s new DIY method for rating human phishing detection difficulty, the Phish Scale. The methodology accounts for user context, which plays a central role in determining phishing susceptibility, to better equip organizations with the insights they need to tailor phishing training to their environment and employees.
Cybersecurity Awareness Month is organized by the National Cyber Security Alliance with more info at https://staysafeonline.org.