At The Channel Company’s XChange 2022 event recently, one of the speakers made a bold claim: "It's the person pressing the button. It's always a human making a mistake."
This is not to shame humans, but let's face it, it's true. The Verizon Data Breach Report states that 82% of all breaches stem from the human element. When you expose humans to emails that are designed to specifically trick them, odds are that at least one person is going to click on something they shouldn't. Let's be honest: if humans were better at identifying cyberattacks, the cybersecurity industry wouldn't be as big.
But it is, because detecting phishing emails is incredibly tricky. One study found that phishing awareness programs wears off, and that training needs to happen every six months. Think about it: Phishing training done in January 2020 would've been helpless against COVID-related threats.
Another study found that folks have trouble detecting, with any confidence, modern phishing attacks.
This is why the preventative form of cybersecurity is so important. When you allow emails into the inbox, even for a short period of time, there is a good chance that someone is going to click on something that they believe to be legitimate.
When you combine preventative security with proactive phishing training, you get a hard-to-beat combination.