Retailers are not the only people looking forward to the holiday season. It will be a busy time for scammers and fraudsters too as they send out coupons, deals and offers to consumers, and even thank-you vouchers to employees, purporting to come from organizations and brands they trust.\n\nIn fact, CIO has reported that it takes only a few minutes for experienced hackers to set up a social engineering attack against enterprises (and their managed service providers) that consider themselves to be secure and protected.\n\nEven though email phishing \u2013 deceptive messages designed to trick a person into sharing sensitive data (or even money) or inject malicious software into the recipient\u2019s system \u2013 is one of the oldest tricks in the book, email cyberattacks account for 90% of all data breaches even today, according to research by Hoxhunt. Taken together, these attacks exact a toll of $6 trillion from the global economy.\n\nWhile consumers and individuals have grown generally aware of these attacks over the years \u2013 even if they aren\u2019t aware of the term \u201cphishing\u201d \u2013 they are still surprisingly common and effective.\n\nSo what are the different kinds of phishing attacks prevalent today? What methods are cybersecurity experts using to minimize the impact of these attacks? How do enterprises combat these threats at a broader scale and prevent persistent phishing attempts?\n\nLet\u2019s dig deeper.\n\n1. Understand the different types of phishing attacks\n\nPhishers use social engineering tactics via almost every communication format and connection to launch phishing attacks. Unsurprisingly, there\u2019s more to phishing than email:\n\n2. Train employees to recognize phishing attempts\n\nAlong with being commonplace, phishing attacks have become so profitable (to the attackers) that the biggest cybercriminals have largely moved beyond individual customers. Rather, they target enterprise employees who can be duped into revealing information that\u2019s much more sensitive, on a much larger scale.\n\n\u201cAn example might be a bank \u2013 we don\u2019t want to target its customers, we think that\u2019s dumb and slow, we want to target the bank itself,\u201d said Mike Connory, CEO at Security In Depth.\n\nSince phishing attacks overwhelmingly target the human element, cybersecurity experts agree that the best defense against this is providing security awareness training to enterprise employees. This helps in early identification of attacks and increasing overall security hygiene. Some basic precautions staff in all departments need to take are:\n\nDone correctly, these simple steps can make your staff battle-hardened defenders of your network. \u201cYou often hear that people are security's weak link. That's very cynical and doesn't consider the benefits of using a company's workforce as a first line of defense,\u201d said Riaan Naude, Global Head of Consulting and Performanta.\n\n\u201cEmployees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results,\u201d Naude added. This is important because the reporting rate of attempted phishing incidents currently languishes at a paltry 3%.\n\n3. Use AI-enabled software to implement anti-phishing security measures\n\nIn-house cybersecurity training is no longer a time- and skill-intensive process, given the prevalence of AI-based phishing awareness platforms. Today, ML enables gamified, personalized security training programs for each individual based on their current level of awareness, position in the organization, and browsing behavior.\n\nFurther, AI is a potent tool in the arms of cybersecurity experts. It enhances the efficiency and effectiveness of security policies by improving and automating routine threat detection procedures. AI-enabled automation can help organizations put in place a variety of anti-phishing measures:\n\nPeople-first phishing defense\n\nWhile the effectiveness of any and all security measures depends on people, processes and technology, phishing can be defeated by the very tactic it thrives on: social engineering. Solutions that help people become smarter, sentient, resilient and responsive will win the day against the most advanced phishing attempts. Why not arm your team to be the winning one?