One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8417272 |
| Date de publication | 2023-11-27 09:26:51 (vue: 2023-11-27 18:08:39) |
| Titre | 8 sujets essentiels de cybersécurité à inclure dans votre programme de formation 8 Essential Cybersecurity Topics to Include in Your Training Program |
| Texte | Your employees have a critical role to play as a first line of defense against cyberthreats. But to be effective, they need to know what those threats are-and stay apprised of how they\'re evolving. A comprehensive security awareness program is the key to helping your users grow their understanding of attackers\' methods and objectives so they can become more proactive defenders. That includes knowing what strategies malicious actors employ to manipulate people so they can use them to enable their campaigns. The importance of security awareness It\'s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization\'s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course. Companies face different cyberthreat challenges and regulatory compliance requirements related to data protection and data privacy. That said, there are several subjects that almost any modern business, regardless of its industry, will want to ensure its employees understand. We list eight of these cybersecurity topics below. They are the go-to approaches and tools that attackers around the world commonly use to compromise users and their accounts, disrupt normal business operations, steal money or data, and do other damage. Here\'s a high-level overview of these eight must-know cybersecurity topics: 1. Social engineering Social engineering is a collection of techniques malicious actors use to manipulate human psychology. Attackers rely on these strategies to trick or threaten users to take actions such as giving up account credentials, handing over sensitive data, running malicious code and transferring funds. They do this by taking advantage of users\': Emotions, by conveying a sense of urgency, generating excitement about an opportunity, or creating fear around losing money or doing something wrong Trust, by posing as someone familiar to the user or a trusted brand or authority-such as the Internal Revenue Service (IRS), UPS, Amazon or Microsoft Fatigue, by timing attacks when users are likely to be tired or distracted and more inclined to let their “emotional mind” guide their decision-making Common social engineering tactics include phishing-which we cover in the next section-and these others: Social media reconnaissance. Attackers often turn to social media to gather information about users that they target with their campaigns. These efforts can include direct outreach to users. Vishing (voice phishing) and smishing (SMS/text phishing). Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from a trusted brand or authority. With smishing, attackers use text messages to send SMS messages to users or robocall them. The messages often promise gifts or services in exchange for payment. Telephone-oriented attack delivery (TOAD). TOAD attacks start with an email that claims to be from a legitimate source and includes a phone number for customer assistance. Callers are connected to fake customer service representatives who then direct the victim through the attack. They may instruct the victim to let them access their machine remotely or download a file that turns out to be malware. Or they might direct them to a phishing site. Common sense can go a long way toward preventing a social engineering attack. Make sure to reiterate that if a message seems too good to be true, it\'s very likely a scam. And if something doesn\'t look or sound right, it probably isn\'t. 2. Phishing Phishing is an example of social engineering. Most phishing messages are sent by email. But some attackers deliver these messages through other methods, including smishing and vishing. Here are some typical strategies: Malicious links. When a user clicks on a |
| Envoyé | Oui |
| Condensat | 2022 about about: above accept acceptable access accidentally account accounts achieve acompanydomain acompanysdomain across act action actions actor actors addition address administration adults advantage against aim alert alerts all almost also always amazon among annoyance any anyone anything appear appearing apprised approach approaches approves are around artificial ask assess assistance as phishing attached attachment attachments attack attacked attacker attackers attacks attempt audio authentication authority authorized automation awareness awareness awareness away bad banking bec because become been behavior believing below benefit benign best billion bitcoin blogs body brand brute business businesses but button bypass callers calls campaigns can card careless carry carrying cases cause center centric certainly chain challenges change channel channels circumvent claims clear click clickbait clicked clicking clicks closer cloud code codes colleague collection com come comes common commonly communicate communication companies company compelling competencies complaint complete compliance comprehensive compromise compromised compromises compromising computer conduct confidential confirm confirming confusingly connected consider considerable considered contact content continuously contractor conveying convince copy cost costly could course cover covering crack cracking craft crafted create created creating credentials credit crime criteria: critical cryptocurrency culture current customer customers cyberattacks cybercriminal cybercriminals cybersecurity cyberthreat cyberthreats damage data date date deadline dealing decision decisions deep deepfakes defenders defense defenses defraud deliver delivered delivery demand department deposit designed destroying detect detected develop developed device devices different dig direct directly discover disguise display disrupt distracted documented doesn doing domain domains down download downloaded downloading downloads due each easier easily easy educate education effective efforts eight either email emails embarrassing embedded emotional emotions emphasize employ employee employees empower enable enables encrypting end engaged engaging engineering engineering ensure enter environment especially essential even every evolve evolving example examples exchange excitement executing executives exfiltrating expert explains exploited exploiting exposed exposure external externally extortion face fake faked familiar fast fatigue favorite fbi fear feels few: file files filled financial find first focus following foothold force forever form former found four fraud fraudulent free frequently fresh friend from frustration funds future gain gaining gather gen genai generally generating generative get gifts give given giving global goals goes gone good groups grow guess guide guided had handing hands happens hard harder harm harvests has hashing have healthcare help helping here high how however hub human ic3 ideas identify images immediately impact impersonate impersonated impersonates impersonation importance important impostor improve inadvertently incidents inclined include include: includes including increases individual industry ineffective infected infections informal information informed insider insiders install installing instance instead institution instruct instructed intellectual intelligence intent intentioned interchangeably internal internet invoice invoicing involves irs isn issues its just keep keeping key kit kits know knowing knowingly known knows landscape last latest latest state launch lax lead leads leakage learn learning least leaving legitimate less let letter level lewd like likely like phishing to line link links list lives lock login logo long look lookalike looks lose losing lost lottery lower lures machine made main maintain make makes making making malicious malware management management manipulate manually many may mean meaningful measure media media meet message messages methods mfa mfa microsoft microsoft might mind |
| Tags | Ransomware Malware Tool Vulnerability Threat Mobile Cloud |
| Stories | Uber Uber |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.