A conversation about phishing defense with eSecure’s CEO.
By Cofense Inc.
How does it benefit MSSPs to offer phishing defense? To understand the value to service providers and customers, the Cofense™ team recently chatted with Clinton Smith of eSecure, an MSSP located in Australia and the UK.
Interestingly, his responses correspond to what Cofense calls the 5 Uncomfortable Truths about Phishing Defense, examined in a recent blog series. For example: “No matter how good your perimeter defenses, phishing emails still reach the inbox.” Clinton expounds on this idea and other key topics below, dissecting what they mean for MSSPs and their customers.
Q: Phishing attacks are in the news practically every day. Does this increase awareness or desensitize customers to the problem?
A: Most organizations are aware of the problem, in particular their security teams. But individual users often seem to expect that their organizations are going to protect their mailboxes. It’s a somewhat reasonable expectation, at least from the user’s perspective, but technology has limitations, so users need to do their part.
Q: Makes sense. Does this put more pressure on managed service providers to deliver anti-phishing solutions that turn users into network defenders?
A: We’re continually under pressure to raise the bar. For example, while medium-to-large companies realize the need to educate users on phishing, smaller partners in the supply chain may not. These smaller organizations tend to be less mature in developing anti-phishing programs. Some still have a strange reluctance to invest in cybersecurity.
Q: What about those organizations that have invested in security defense—are there too many that think, mistakenly, that what they have is enough?
A: Again, the security teams would gladly invest more, but not everyone in the organization agrees. In Australia, mandatory breach notification laws are raising awareness that security is a process, something that needs to evolve as threats themselves evolve.

