Users should not take the rap for phishing attacks, says expert

Users should not be blamed for successful phishing attacks, says security awareness expert.

Ira Winkler, president of Secure Mentem, told attendees of the RSA Conference 2015 in San Francisco that humans represent only two of ten potential kill points for phishing attacks. A phishing attack can only be successful if eight possible layers of technological controls are missing or have failed. 

Download this free guide

New technologies: a source of threat as well as a solution

Learn about fighting the ever evolving ransomware, IoT botnet malware and data manipulation attacks.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

“Phishing attacks represent a combination of user and technological failures,” said Winkler.

Before the user is ever confronted with a phishing email, there are opportunities to block the attack at the pre-mail server and mail server stage.

Technologies for detecting and deleting phishing emails can be implemented in the internet infrastructure to block these attacks before they reach mail servers.

At the mail server there is another opportunity to implement technologies to quarantine phishing emails.

It is only if these first two layers have failed to block a phishing attack that a user becomes involved.

“Users only fail if technologies have failed first or if the right controls have not been implemented by internet service providers or in mail servers,” said Winkler.

However, he said if users have been properly trained to recognise and report phishing attacks, these attacks can be blocked at this third stage.

User awareness programmes should be designed to ensure that users are able to recognise potential phishing attacks and know where to report it.

“But awareness, like all countermeasures, is not perfect and can fail because even smart people make mistakes when confronted with a well-crafted phishing email,” said Winkler.

However, even if a user clicks on a malicious link in a phishing email, all is not lost because technologies exist to warn users of potentially harmful links and attachments.

“The user has the opportunity to report attempted phishing attacks to enable administrators to delete any associate unopened phishing emails on the mail server,” said Winkler.

“But if a user decides to open an email even though it has been quarantined, the email client should still be able to prevent malicious code from executing,” he said.

Even if the email client prevents the malicious code executing, the network should be able to detect and block malicious activity.

“The network can be equipped to be a layer of defence. It should be able to prevent malicious activity, identify rogue clients and prevent any infection from spreading,” said Winkler.

“And if malicious code executes, the network should be able to block data from being sent out of the network and stop any illicit login attempts,” he said.

Although Winkler concedes that in many cases security awareness programmes need to be improved, he said businesses need to acknowledge that the success of phishing attacks is not due to user failures alone.

“Phishing attacks are inevitable, but they can be prevented by putting technological detection and blocking capabilities at every layer,” said Winkler.

Image: iStock