One Article Review

Home - The article:
Source AlienVault Lab Blog
Identifier 8361790
Publication date 2023-07-26 10:00:00 (viewed: 2023-07-26 17:06:45)
Title How to improve employee phishing awareness
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it? Let's delve deeper and unravel the potential issues and solutions.

In recent years, we have seen an uptick in the delivery of malware via phishing attacks. Compounding the problem is the rising volume of email fatigue, which can lead to less vigilance and increased vulnerability. Regrettably, email protection software does not fully safeguard against phishing because of the inevitable human factor involved. Indeed, there is a reason why social engineering continues to be a preferred strategy for cybercriminals: its effectiveness is exceptional.

Many organizations are already conducting training sessions and rolling out specialized programs to enhance employee awareness about phishing. These programs are not just theoretical but also offer hands-on experience, allowing employees to interact with possible threats in real-world scenarios. For this, companies often use simulated phishing attacks, which are a vital part of their awareness programs. Some businesses manage these cyber exercises internally through their information security teams, while others enlist the help of service providers. However, these training sessions and mock phishing exercises are not without their flaws. At times, technical issues can disrupt the process. In other instances, the problem lies with the employees, who may exhibit apathy and fail to fully engage in the process. There are indeed numerous ways in which problems can arise during the implementation of these programs.

Email messages caught by technical means of protection

It is standard practice for most companies to operate various email security systems, such as a Secure Email Gateway, DMARC, SPF and DKIM checks, sandboxes, and antivirus software. However, the goal of simulated phishing within security awareness training is to test people, not the effectiveness of technical protective tools. Consequently, when initiating any project, it is crucial to adjust the protection settings so your simulated phishing emails can get through. Do not forget to tweak every layer of email protection and to establish appropriate rules in each of them. By tweaking the settings, I am certainly not suggesting a total shutdown of the information security system; that would be unnecessary. When sending out simulated phishing emails, create exceptions for the IP addresses and domains that these messages come from by adding them to an allowlist. After making these adjustments, conduct a test run to ensure the emails are not delayed in a sandbox, diverted to junk folders, or flagged as spam in the Inbox. For the training sessions to be effective and yield accurate statistics, there should be no issues with receiving these training emails, such as blocking, delays, or labeling them as spam.

Reporting phishing

Untrained employees often become victims of phishing, but those who are prepared do more than just skip and delete suspicious messages; they report them to their company's
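The test run described above can be made repeatable by exporting a received simulation message from a test mailbox and checking its headers for the three failure modes the post lists (sender not on the allowlist, labelled as spam, held in a sandbox). The following script is an added example and is not code from the AlienVault post or from any simulation platform; the allowlist values, the sample message, the 15-minute delay threshold and the `X-Spam-Flag`/`X-Spam-Status` header names (a SpamAssassin convention; other filters use other names) are assumptions for illustration.

```python
"""Check one exported simulated-phishing test message for delivery problems.

Added example (not from the AlienVault post). Verifies, from the raw headers:
  - the From domain and originating IP are on the simulation allowlist,
  - the spam filter did not label the message,
  - SPF/DKIM/DMARC results are "pass" where present,
  - the hop-to-mailbox delay is below a threshold (a long delay suggests a sandbox hold).
A message that never arrives is detected simply by there being nothing to check.
"""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed allowlist for the (hypothetical) simulation platform; placeholder values
# in reserved documentation ranges / the reserved .test TLD.
ALLOWED_DOMAINS = {"sim.example-awareness.test"}
ALLOWED_IPS = {"203.0.113.10"}
MAX_DELAY_SECONDS = 15 * 60  # assumption: slower than this hints at a sandbox hold

# Constructed raw message, as it might be exported from a test mailbox.
SAMPLE_MESSAGE = """\
Received: from mx.corp.test (mx.corp.test [198.51.100.5]) by mailbox.corp.test; Wed, 26 Jul 2023 10:42:00 +0000
Received: from sim.example-awareness.test (sim.example-awareness.test [203.0.113.10]) by mx.corp.test; Wed, 26 Jul 2023 10:01:30 +0000
Authentication-Results: mx.corp.test; spf=pass smtp.mailfrom=sim.example-awareness.test; dkim=pass
X-Spam-Flag: YES
X-Spam-Status: Yes, score=7.2
From: "IT Helpdesk" <helpdesk@sim.example-awareness.test>
Date: Wed, 26 Jul 2023 10:00:00 +0000
Subject: Password expiry notice

Please review your account settings.
"""


def source_ip(received_headers):
    """IP in the earliest hop: Received headers are prepended, so the last one is first."""
    if not received_headers:
        return None
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received_headers[-1])
    return m.group(1) if m else None


def check_test_run(raw_message):
    """Return a list of findings; an empty list means the test message arrived cleanly."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Allowlist: sender domain and originating IP must match the exceptions created.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in ALLOWED_DOMAINS:
        findings.append(f"sender domain not allowlisted: {domain}")
    received = msg.get_all("Received", [])
    ip = source_ip(received)
    if ip not in ALLOWED_IPS:
        findings.append(f"originating IP not allowlisted: {ip}")

    # 2. Spam labelling by the filter (header names assumed; adjust to your gateway).
    flag = (msg.get("X-Spam-Flag") or "").strip().upper()
    status = (msg.get("X-Spam-Status") or "").strip().upper()
    if flag == "YES" or status.startswith("YES"):
        findings.append("message labelled as spam by the filter")

    # 3. Authentication results that are present but not "pass".
    auth = (msg.get("Authentication-Results") or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech} result is {m.group(1)}")

    # 4. Delay: final delivery timestamp (first Received header) versus the Date header.
    if received and msg.get("Date"):
        sent = parsedate_to_datetime(msg["Date"])
        delivered = parsedate_to_datetime(received[0].rsplit(";", 1)[-1].strip())
        delay = (delivered - sent).total_seconds()
        if delay > MAX_DELAY_SECONDS:
            findings.append(f"delivery delayed by {int(delay)} s (possible sandbox hold)")

    return findings


if __name__ == "__main__":
    for finding in check_test_run(SAMPLE_MESSAGE) or ["test message arrived cleanly"]:
        print(finding)
```

Run it against each message exported from the test mailboxes; the sample above is deliberately constructed to fail two checks (spam label and a 42-minute hold) while passing the allowlist and authentication checks, which is the pattern you would see when the allowlist exception was created on the gateway but not on the spam filter or sandbox.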
Sent Yes
Tags Spam Malware Tool
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.