CyberWatch

Michael Sviben (DomainGuard) | Defending against phishing and building proactive security awareness

By

By

Access Point Consulting

Cybersecurity threats evolve rapidly, and one tactic consistently rises above the rest: phishing. In this episode of CyberWatch, Michael Sviben, co-founder of DomainGuard, discusses why phishing remains so effective, how businesses and individuals become targets, and what you can do to stay vigilant.

Phishing: More than Just Malicious Links

Phishing is often oversimplified as merely clicking on malicious links—but it’s much more than that. Attackers exploit human psychology through emails, text messages (smishing), and voice phishing (vishing) to gather sensitive data or credentials.

Sviben explains:

“Threat actors continuously adapt their methods. It’s not just about clicking links—phishing also involves directly tricking users into disclosing sensitive personal or corporate information.”

Who’s at Risk?

Everyone. From executives at large enterprises to front-desk employees at small businesses, phishing knows no boundaries:

  • Attackers often typosquat domains, creating fake websites to impersonate legitimate brands.
  • Even job candidates have become targets, with attackers posing as potential employers to gather personal details.
  • Phishing also increasingly targets individuals via SMS and voice calls (vishing).

How Can Businesses Fight Back?

Sviben emphasizes that defending against phishing requires a layered approach:

  • Security Technology: Implement secure email gateways, advanced spam filtering, and DMARC records to limit spoofing.
  • Employee Awareness: Conduct realistic, regular phishing simulations—avoiding blame and using results constructively to enhance security.
  • Proactive Defense: Continuously monitor for domain typosquatting to identify threats before they affect your business.

Sviben highlights the need for a community mindset, reminding listeners, “Phishing defense is a collective responsibility—we need a proactive workflow to handle phishing attacks impersonating our brands, reporting them quickly to registrars and hosting providers.”

Practical Advice for Organizations

  • Domain Monitoring: Regularly monitor for newly registered domains that resemble your company’s name.
  • Incident Response: Have clear workflows for addressing phishing incidents, including reporting malicious domains to registrars or hosting providers.
  • Community Awareness: Collaborate with industry peers; phishing prevention benefits from shared knowledge and collective vigilance.

Key Takeaways:

  1. Phishing evolves—vigilance requires constant adaptation.
  2. Layered security is essential: Technology alone isn’t sufficient.
  3. Stay community-focused: Reporting threats and sharing intelligence helps everyone stay safer.

Listen to the CyberWatch podcast on Spotify and Apple Podcasts, or watch the episode on YouTube.

Resources

CyberWatch

March 5, 2025

David Habib (Brightspot) | Building a culture of cybersecurity awareness

Cybersecurity awareness is often reduced to check-the-box training, but David Habib, CIO at Brightspot, argues that real security awareness isn’t about formal programs—it’s about making security part of a company’s culture. In this episode, he shares practical insights on how organizations can move beyond stale training sessions to create an engaged and security-conscious workforce.

Find out more
February 26, 2025

Lori Keller (Access Point Consulting) | Project management’s role in cybersecurity

Cybersecurity projects don’t just require technical expertise—they demand structured planning, risk management, and coordination across teams. Lori Keller, a practitioner in cybersecurity project management, joins CyberWatch to discuss how strong project management practices drive security success.

Find out more
February 19, 2025

Adithya Vellal (Petra Security) | Advancing cybersecurity maturity in the cloud

Cybersecurity maturity isn’t just about implementing tools—it’s about developing repeatable processes that align security with business objectives. Adithya Vellal, founder of Petra Security, joins CyberWatch to discuss how organizations can take a structured approach to cybersecurity, reduce risk, and communicate security priorities effectively.

Find out more