Email Security

8 Experts Share Their Advice On Stopping Phishing Attacks In 2025

We asked 8 experts for their advice on how to protect users from phishing in 2025.

Last updated on Jan 06, 2025
Joel Witts Written by Joel Witts
Phishing Advice 2025

As attackers continue to leverage generative AI technologies, phishing and social engineering attacks are becoming more sophisticated. 

So, as security leaders, how can you you plan your strategies for 2025 to enhance phishing defenses, from employee training to implementing advanced threat detection systems?

We recently asked 8 experts for their advice:

Brian Reed, senior director of cybersecurity strategy at Proofpoint: To effectively defend against email attacks, organizations need a multi-layered defense strategy. Attackers are jumping across platforms and channels to infiltrate and move laterally within organizations… Implementing multi-factor authentication, targeted user awareness training, conducting regular risk assessments and ensuring overall alignment between the board and CISO would be considered a good step forward… A multi-layered, human-centric approach to protecting people and data should be a priority for all organizations in 2025. Read the full Q&A.

Usman Din, director of product management, Cisco Security: As bad actors use more sophisticated AI methodology to increase their chances of a successful email-based attack, it’s even more important for organizations to deploy AI detection capabilities to thwart them. As the threat landscape continues to grow and morph, it becomes more urgent to utilize continuously evolving and more comprehensive threat detection. Read the full Q&A.

Mika Aalto, CEO, Hoxhunt: Phishing tactics are evolving, so your training must evolve, too. Every employee should know how to recognize and report phishing attempts confidently, whether they occur in email, Teams, SMS, or WhatsApp. But they must also be motivated to actively participate in cybersecurity on a continuous basis. Empowered employees who see cybersecurity as a shared responsibility are the strongest defense against phishing. Read the full Q&A.

John Wilson, senior fellow, threat research, Fortra: Give your users an easy way to report suspected phishing messages and be sure to review those reports promptly. While one user might recognize and report a threat, similar messages may have been sent to dozens of other employees. Finally, if you sell directly to consumers, you should consider a monitoring and take down solution to protect your customers from bad actors impersonating your brand. Read the full Q&A.

Tony Anscombe, chief security evangelist, ESET: Due to the fact that both bad and good actors are utilizing AI, making full use of a mature security solution that layers and utilizes AI and machine learning will best enhance a company’s email solutions going forward. Additionally, anyone operating Microsoft 365 should prioritize complimenting the environment with a third-party security solution. Read the full Q&A.

Olesia Klevchuk, director of product marketing, Barracuda Networks: Deploy AI-powered email security to detect and mitigate sophisticated attacks like spear phishing and BEC. Reduce response time and minimize damage with solutions capable of automated post-delivery remediation. Improve email authentication to prevent domain spoofing and protect your brand reputation. Read the full Q&A.

Javvad Malik, lead security awareness advocate, KnowBe4: Prioritize building a culture of security awareness, where vigilance is ingrained in every employee, from the boardroom to the break room. Investing in continuous, adaptive training programs that evolve with the threat landscape is non-negotiable. Additionally, implementing robust incident response plans that can swiftly and effectively mitigate the impact of a successful phishing attack will be crucial. Read the full Q&A.

Arnout van de Meulebroucke, CTO at Phished: Continue to invest in frequent training for their employees to stay ahead of evolving threats. A robust solution to protect the business against phishing is crucial. Regular security testing can help identify vulnerabilities and improve overall security posture. In light of NIS2, prioritize developing a comprehensive cybersecurity strategy that includes robust phishing prevention and response measures. This may involve conducting regular risk assessments, implementing clear policies, and having a well-defined incident response plan. Read the full Q&A.

Expert Insights Phishing Resources

Joel Witts

Content Director

LinkedIn Email
Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.