'Email Security Doesn't Get the Attention It Deserves'
Jess Burn of Forrester on the Do's and Don'ts of Phishing Prevention
"Email security doesn't get the attention it deserves" because "phishing is not going away and is not getting any less," says Jess Burn, a senior analyst at Forrester. She shares best practices for phishing prevention.
Burn says that "when you're looking for email security solutions, the basics don't cut it anymore." She recommends employing additional defenses, such as DLP, browser isolation and "some analysis of how your people are speaking to each other and who is being targeted most."
It's also important to practice incident response exercises, Burn says, because "practice makes prepared."
"A phishing scenario that leads to ransomware is an excellent tabletop exercise for an organization to go through … It is extremely important that every key stakeholder in an organization that would have to make a decision related to ransomware sits down and runs through the incident response plan," she says.
In a video interview with Information Security Media Group, Burn discusses:
- The gaps in organizations' phishing defenses;
- Technology recommendations to best defend against these threats;
- Incident response best practices.
Burn is a senior analyst at Forrester serving security and risk professionals. She contributes to Forrester’s research on the role of the CISO and Zero Trust. She also covers continuous controls monitoring, incident response and crisis management, and security training, education and certification.