Almost all cyberattacks these days require an element of social engineering. Spammers are always looking for that hot button to induce a click on a link or an attachment. Drive-by artists continually experiment with poisoned banner ads designed to steer the curious into an online dark alley. Spearphishers put together persuasive pitches pretending to be friends or a trusted institution. What makes social engineering maddening to system defenders is there are no technology quick fixes to combat it.
Phishing training is now essential and training programs need to be ongoing, not just once a year checkbox type training.
Employees will only get better at identifying phishing emails with practice, and phishing simulations are essential in this regard. Any failures can be turned into learning opportunities.
Employees may be the weakest link in security, but that can be changed.
BTW, you refer to PhishMe in the article. Just to let you know the company has rebranded and is now called Cofense.
Loading ...
Reengineering Human Behavior Can Foil Phishing
Posted by: John P. Mello Jr. September 30, 2013 11:34 AMAlmost all cyberattacks these days require an element of social engineering. Spammers are always looking for that hot button to induce a click on a link or an attachment. Drive-by artists continually experiment with poisoned banner ads designed to steer the curious into an online dark alley. Spearphishers put together persuasive pitches pretending to be friends or a trusted institution. What makes social engineering maddening to system defenders is there are no technology quick fixes to combat it.
Employees will only get better at identifying phishing emails with practice, and phishing simulations are essential in this regard. Any failures can be turned into learning opportunities.
Employees may be the weakest link in security, but that can be changed.
BTW, you refer to PhishMe in the article. Just to let you know the company has rebranded and is now called Cofense.