When it comes to warding off phishing attacks, too many organizations are reliant on internal awareness campaigns. But a more proactive defense and controls are needed, says John "Lex" Robinson of PhishMe.
One important lesson to learn from business email compromise and other predominant forms of phishing attacks is that they are strikes against business processes, says Robinson, a cybersecurity strategist with PhishMe. "This is showing us some level of recognition that advanced persistent threats and other malicious actors recognize that we're using attachments a lot in emails, and therefore they are coming after [this vulnerability]."
In an interview about phishing defenses, Robinson discusses:
- Phishing trends and how they exploit behaviors and processes;
- The elements of the phishing kill chain;
- How to build a more proactive defense.
Robinson has over 30 years' experience in information technology with a strong focus on strategic planning and program delivery. He is responsible for PhishMe Professional Services delivery strategy and provides hands on program consulting, as well as, customized results analysis and recommendations for clients seeking to reduce their organizations' susceptibility to phishing attacks.
Prior to PhishMe, his professional career has included consulting and management of product and service delivery teams for small businesses, global Fortune 20 organizations and Government Agencies. He is a Certified Counter Intelligence Threat Analyst, holds an Electronic Engineering Degree, has numerous technical and behavioral science certificates, as well as a continuing professional development credits in IT Security and Ethical Hacking.