Email Security Blog

What Top CISOs Know About Phishing Solutions

When it comes to phishing software, there appears to be plenty of options, software companies, big and small advertise ant-phishing software solutions that all sound good. However, when a Chief Information Security Officer (CISO) does his or her research they know how to go beyond the marketing print. Here we share what to look for when it's time to buy true anti-phishing software.

Spam filters are not Phish filters

A top CISO knows the difference between phishing software and spam filters. To illustrate what I mean go to your local pet shop, buy two fish tanks, one goldfish, then head off to your local organic farmers cooperative and grab a can of spam… go on I'll wait…. Ok, welcome back now fill both tanks with water, place the fish in one and a can of spam in the other, now wait 24 hours…..

Welcome, as you can see from this experiment your new goldfish is thriving in fresh filtered water, your can of spam has not fared so well; sure the filter has caught some of it but much of it is floating around your tank making quite the mess.

Top CISO's know this. If you try to engage a spam filter to do anti-phishing software's job, you'll catch some of it, but not all of it, and it only takes one to bring down your network.

Spam filters are not designed for the phishing attacks of 2019.  Phishing software needs to be carefully nuanced, while spam filters rely on Bayesian statistical techniques, which sound cool but their entire focus is to seek out generic and obvious mass mailings, they catch the discount blue pill emails and critically miss the fake C-level executive asking for help with the payroll password.

Often spam filters are paired with Malware filters and sold as a package. To be fair, malware filters do a pretty good job of stripping out nefarious files, so with both of those filtering your email you are good right? Wrong.

Top CISO's know the difference between the appearance of anti-phishing software and a phishing software solution that actually works. That might sound like click bait hyperbole, and I expect my assertions can be measured in the billions. Every year companies with both Spam and Malware filters installed part with billions of dollars via successful phishing attacks. If it can happen to tech giants like Facebook and Google (it just did), it can surely happen to you.

Training Software

I can train my people to catch Phish! (said the camel salesman in the desert)

Phishing training programs have become extremely popular but top CISO's know that they aren't enough and are often doing more harm than good. The first thing to consider is the slightly obvious point that phishing simulators year over year for the last ten years have caught, and this is a real number, zero phish.

That's right zero, and impressively that haul has been maintained year over year, even as phishing attacks become more pervasive, they are still able to catch none. Am I being cheeky? Sure, phishing simulators aren’t meant to catch phish they are meant to test your employees by evaluating how good Billy from the mailroom is at finding fake emails concocted by Susan in IT. We can debate the efficacy of phishing simulator, perhaps in the real world they will cause Billy to pause before he clicks, but again we can measure the collective failure of simulators and their spam and malware friends in the billions of dollars annually.

What the top CISO's know is that yesterday’s phishing solutions simply don't work today, and they certainly won't work tomorrow.

To combat the phishing attacks of today and those that will arrive in the weeks and months to come, top CISO's seek out true anti-phishing software, and when they do, they find INKY a peerless, powerful and  complete anti-phishing software solution.

There can be only one.

So, what is it that makes INKY that world champion phish catcher? Well, a few things, functionally we integrate the components of spam and malware filters and augment them with powerful artificial intelligence and machine learning that means our Phish Fence is perpetually learning; it's not playing catch-up by chasing the phishing aggregators.

We also use Computer Vision, and this is critical, because we aren't just looking for suspect text or email headers, we are looking at the way incoming emails are visually represented to the user.

Phish Fence can detect fraudulent iconography and graphics, differences that are entirely undetectable to the human eye and too often missed by conventional spam filters. Our in-line banners don't require simulation to teach phishing lessons, and they educate the user community with every email they receive, providing a content learning opportunity every time the inbox receives a message.

Top CISO's know that when it comes to anti-phishing software there can be only one, and that one, is INKY.

Take the INKY Phishing Phitness test today and see for yourself what the top CISO's already know.

INKY – Phight Phish