New tool aims to help us avoid phishing attacks

by Adi Gaskell
23 November 2020

The recent Official Annual Cybercrime Report from Cybersecurity Ventures predicted that the cost of cybercrime globally will reach $6 trillion by 2021, which is double the cost from 2015. This obviously encompasses a wide range of possible forms of attack, but phishing remains enduringly popular among cybercriminals.

New research from the National Institute of Standards and Technology (NIST) highlights the creation of a new tool, called the Phish Scale, that NIST believes will help organizations to train their employees so that they can avoid phishing attacks.

The researchers believe that too many employees are unaware of the risk phishing attacks pose, and are therefore often unaware of the steps they can take to avoid falling victim to them. Phishing emails have become especially prevalent during COVID-19 as attackers have taken advantage of the uncertainty surrounding the virus to mimic government agencies or health service providers in order to trick people into clicking links and submitting details that can be used to compromise them.

Evaluating the risk

The tool aims to allow organizations to accurately gauge the risk posed by phishing and to then address any vulnerabilities exposed. These vulnerabilities are often addressed by training programs that present employees with emails designed to replicate the style and tone of actual phishing emails so that they become better attuned to their characteristics, and therefore detect when they might be being attacked.

The click-through rates on these training programs are then assessed by the cybersecurity staff within the organization, to determine both the risks across the organization and whether the training sessions are working or not. 

Generally speaking, high click-through rates are seen as bad, with low click-through rates viewed more positively.

These numbers on their own often tell an incomplete story, however, and the Phish Scale aims to provide a more detailed and nuanced insight into whether any particular form of phishing email might prove successful. It offers cybersecurity staff insight into why click rates were as they were by utilizing a rating system that is based on the content of the phishing email. This provides a number of clues that might tip off the initiated user that the email is not what it seems. These clues are modified depending on whether the target is from a hospital, a university, a business, or a government agency.

Spotting attacks

The tool uses five distinct elements. Each element is rated on a 5-point scale that is customized for each distinct scenario. These then form an overall score that is used by the trainers to rate the phishing exercise according to its difficulty level.

The key to the tool is the explanation it gives for the click-through rates. The researchers highlight that there can be numerous reasons for people clicking, or not clicking, on a phishing email. For instance, the training emails might be too easy or could be too similar to emails used in previous training exercises. This can lead trainers to believe that staff are well guarded against phishing attacks when the reality is altogether different.
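The scoring and interpretation described above can be sketched as follows; this is an added example, not NIST's tool or code from the research paper. The score direction (5 = hardest to spot), the band cut-offs, the click-rate limits and the sample exercises are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumptions for illustration only: five element ratings of 1..5 where 5 means
# "hardest to spot", summed to 5..25, with these band cut-offs and rate limits.
BANDS = ((11, "easy"), (18, "moderate"), (25, "hard"))
LOW_RATE, HIGH_RATE = 0.05, 0.20

@dataclass(frozen=True)
class Exercise:
    name: str
    ratings: tuple          # five element ratings for this email
    sent: int
    clicked: int
    reused_template: bool = False   # resembles an email from an earlier exercise

def overall_score(ratings):
    """Sum the five 1-5 ratings, rejecting malformed input."""
    if len(ratings) != 5 or any(not 1 <= r <= 5 for r in ratings):
        raise ValueError("expected five ratings, each between 1 and 5")
    return sum(ratings)

def difficulty(score):
    """Map an overall score to a difficulty band."""
    return next(label for limit, label in BANDS if score <= limit)

def interpret(ex):
    """Read the click rate in the light of the email's difficulty."""
    if ex.sent <= 0 or not 0 <= ex.clicked <= ex.sent:
        raise ValueError("clicked must be between 0 and sent")
    band = difficulty(overall_score(ex.ratings))
    rate = ex.clicked / ex.sent
    if rate <= LOW_RATE and (band == "easy" or ex.reused_template):
        finding = "inconclusive: low clicks may only reflect an easy or familiar email"
    elif rate <= LOW_RATE:
        finding = "good: staff resisted a non-trivial email"
    elif rate >= HIGH_RATE and band == "easy":
        finding = "concern: many clicks on an easy email"
    elif rate >= HIGH_RATE and band == "hard":
        finding = "expected: a hard email draws clicks; train on its cues"
    else:
        finding = "mixed: compare with exercises of the same difficulty"
    return band, round(rate, 3), finding

# Constructed sample exercises, not data from NIST or the article.
EXERCISES = [
    Exercise("parcel notice", (1, 2, 1, 2, 1), 400, 8),
    Exercise("payroll update", (5, 4, 5, 4, 4), 400, 112),
    Exercise("password expiry", (3, 3, 4, 3, 3), 400, 12, reused_template=True),
]

if __name__ == "__main__":
    for ex in EXERCISES:
        print(ex.name, *interpret(ex), sep=" | ")
```

The first and third sample exercises both show low click rates, yet neither supports the conclusion that staff are well guarded, which is the misreading the paragraph above warns about.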

As well as giving data to trainers, the tool also elicits feedback from users regarding why they clicked on certain emails.

The researchers believe this gives trainers and cybersecurity staff a much better understanding of the true state of awareness among the workforce, especially if the training is targeted towards a specific audience.

The Phish Scale has been developed after several years of research, with data from operational settings used to inform the tool. The researchers believe this makes it more robust, as previous attempts have relied more on lab-based expertise, which may not reflect reality, as people inherently act differently in lab conditions than in real life.

Further improvements

The researchers hope to further refine the model with more data, as to date all of the data for the system has come directly from NIST itself. As more organizations use the tool, however, they hope to be able to feed that data into the model to help it perform even better. This expansion of the dataset will be especially useful as more nongovernmental organizations utilize it and will help make the tool effective in a wider range of operational settings.

This ongoing evolution of the data behind the tool will be important to ensure that it remains effective as the phishing threat landscape changes.

Ultimately, the researchers hope that the tool will equip organizations and employees to better deter any phishing attacks they are exposed to, and the research paper provides detailed steps to help organizations implement the DIY tool within their business.

With phishing being an enduringly popular and effective form of cyberattack, such an evolution in our defenses should be very useful, as humans are often the weakest link in that defense. By understanding what makes us click on phishing emails, it’s a link that should be bolstered.
