Advanced phishing

Human layer security: Your last line of defence against phishing

by Egress
Published on 10th Jun 2021

Phishing is more sophisticated than ever. Cybercriminals have moved on from bombarding mass email lists with poorly spelt, obvious scams. They’ve been replaced by carefully planned spear-phishing attacks, impersonation attempts, and business email compromise.

Consider a new joiner to Company X – they’re excited to start and have recently updated their public LinkedIn profile. On their first day, they receive an email from, asking them to change their password for a certain application. It’s signed off by Company X’s head of security, and it looks the same as all the other emails they’ve received on their first day. Except it’s a spear-phishing email hunting for login details – and you know what happens next.

These attacks press on psychological triggers that could catch any of us out on a bad day. Even educated, experienced professionals can (and regularly do) fall for modern phishing attempts. There’s no getting away from the fact that if a phishing email gets in front of an employee, there’s always the chance they could fall for it. 

People as a (fragile) last line of defence

Unfortunately, some phishing attacks will always slip through the net – even with phishing prevention technology in place. At this point, everything rests on the actions of the employee. Cybercriminals will be praying they take the bait and bring the attack to fruition. IT leaders will cross their fingers and hope the employee spots the scam and forwards it on to the security team.

This game is fixed in the favour of the cybercriminals – they only need one mistake from one person to infiltrate a business. IT leaders on the other hand pour resources into cybersecurity training in the hope that no employee ever falls for an attack. This is of course easier said than done, when any of us can be susceptible to fatigue, stress, or over-eagerness to please in a new role.

Cybercriminals know this and they aim to exploit it, designing attacks that prey on that split-second moment before someone really stops and considers whether an email request is legitimate. The question IT leaders need to ask themselves is: should we really place this burden on employees to be the last line of defence? Or can we use technology to give them some much-needed help?

Human layer security: a necessary reinforcement

The human layer security approach is to turn people from a security risk into a security asset. Insiders can generally be trusted to do the right thing – it’s just that they can’t be trusted to do the right thing on every single occasion. Some people will always fall for phishing attacks.

The goal of human layer security is to use intelligent technology to give people a nudge back towards the mindset where they make smart security decisions. It’s not about policing their actions, it’s about stopping them pre-emptively and saying, “Hang on, you wouldn’t normally click on this. Are you sure you want to interact with this suspicious email?” And that’s often all they need.

There’s an education element to human layer security too. The more people are taught and helped, rather than caught and disciplined, the more likely they are to spot phishing attempts on their own in the future. True human layer security acts more like a real-life security expert, who’s there to help and explain rather than simply notify users that an attack has been discovered.

Human layer security in action against phishing

Egress Defend is the part of our wider human layer security platform that focuses specifically on the threat of phishing. It uses machine learning to analyse both the content and context of emails, building up an intelligent understanding of what constitutes a phishing attack. That allows it to detect phishing in real time, rather than simply trying to chase and block the most recent threats.

Users are supported with a traffic-light system of risk, that only alerts and prompts when a genuine threat of phishing is detected. People are then offered the option to go to a webpage and understand why that specific email was flagged, helping to educate them and take that knowledge into their next interaction with a phishing email. The reporting and analytics function also gives security teams visibility over whether this advice has been accepted or ignored.

Human layer security means there’s no need for IT leaders to cross their fingers and hope their employees spot phishing. We can turn the tables and make cybercriminals the ones to feel frustration. Take the burden of security off your employees’ shoulder and empower them to share data without risk.