For years, Cofense has preached the value of educating users to report suspicious emails. The idea is simple: with rigorous, frequent practice, any user in any department can learn to spot a phish and report it to security teams for faster investigation.
It’s a myth, pure and simple, that humans are the weakest link. A workforce not educated in spotting and reporting phish will, of course, be vulnerable. But the same employees, when properly conditioned, are the best defense when perimeter controls, even the best, prove fallible.
Our approach stands in contrast to an over-reliance on security technology. Secure email gateways, an important layer of phishing defense, catch many but not all phishing emails. Cofense reported earlier this year that 90 percent of the phish we verify for customers are found in environments using one or more SEG.