Phishing at large: O’Kane joins Cloudflare panel
Cloudflare has brought together cybersecurity leaders Matt O’Kane and James Crocker to discuss the growing complexity of phishing attacks, particularly with the rise of AI, in their podcast series Innovation Matters.
The Threat Is Scaling
In the podcast, O’Kane warns listeners about the increased scale of phishing attacks since the 1990s as technology and AI rapidly evolve.
“The difference today is a difference of scale,” O’Kane said. “The scale is immense, and the speed at which criminals can react to new events has increased.”
Communication and Consistency
O’Kane and Crocker discussed the role of internal communications as a line of defence against cybercrime.
“When dealing with clients, businesses should be consistent in their messaging,” Crocker said.
“Businesses should consider how their communications may be misinterpreted.”
AI Advances in Cybercrime
Crocker warned that cybercrime is only going to get worse as AI advances and assists criminals in their phishing attacks.
But What Is Phishing?
According to Crocker, phishing is a type of cyber attack that a criminal uses to try and trick someone into giving up sensitive information.
Spear phishing is a targeted phishing attack designed to increase the likelihood that a specific recipient opens the email.
Whaling is a technique that targets high-level executives for a greater reward.
“It is essential to have an understanding of the culture that your employees and clients understand,” he said.
“By having standard policy and process within your organisation—and an understanding of how to respond to phishing emails—you reduce risk.”
Prevention Through Training
In the interview, O’Kane and Crocker emphasised the benefit of planning and regular staff training against phishing attacks.
“Think about what you’ll do if the worst happens,” O’Kane said. “You need to know well in advance how to prevent attacks from happening through training.”
Prevention is better than the cure, he emphasised.
“Your IT team should routinely test staff by simulating suspicious emails,” he said. “Get them to click a link or download an attachment they shouldn’t. It’s one of the most effective ways to build awareness.”