One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8516268 |
| Date de publication | 2024-06-10 12:00:50 (vue: 2024-06-10 13:07:28) |
| Titre | Garder le contenu frais: 4 meilleures pratiques pour la sensibilisation à la sécurité axée sur les menaces pertinente Keeping Content Fresh: 4 Best Practices for Relevant Threat-Driven Security Awareness |
| Texte | The threat landscape moves fast. As new attack methods and social engineering techniques appear, organizations need to maintain security awareness programs that are relevant, agile and focused. Research from Proofpoint for the 2024 State of the Phish report found that most businesses used real-world threat intelligence to shape their security awareness programs in 2023. That makes us happy! At Proofpoint, we know it is essential to use threats and trends from the wild to teach your employees about attacks they might encounter. It is equally important to ensure that your program isn\'t teaching them about security topics that are no longer relevant. In this article, we discuss four essential best practices to help keep your security awareness and training content both fresh and threat-driven: Analyze real threat trends to stay current and relevant Use real-world threats to inform your testing and training Refresh your training plan so that it\'s relevant and accurate Ensure that security practitioners stay on top of content changes An image from our always-fresh (see what we did here?) phishing template that tests brand impersonation. The human-centric risk of not keeping it fresh Let\'s first talk about what happens when you use outdated threat content to train your employees. The results can create significant human-centric risk for your business because your employees might approach security with unsafe behavior such as: Having a false sense of security about their knowledge. People might believe they are well prepared to identify and respond to threats, leading to actions based on incorrect assumptions. Not responding effectively to targeted threats. People might make decisions based on incorrect assumptions, increasing the possibility of successful attacks specific to their role or industry. Incorrectly reporting a security incident. Outdated training content may give incorrect procedures for reporting and responding to security incidents. Being noncompliant with industry regulations. Outdated content might not fit the required compliance training, exposing your company to possible legal and financial penalties. Being unengaged in your security culture. If employees perceive security education as outdated or irrelevant, they might see security responsibility as a waste of their time. Now, let\'s talk about our four best practices to help ensure that none of this happens. An image from the “AI Chatbot Threats” training (play video). 1: Analyze real threat trends to stay current and relevant Informing your program with threat intelligence is a must. Real-world insights will help your employees understand the scope and impact of the threats they may face. It will also enable your security teams to tailor their training and messaging accordingly. To use threat intelligence effectively, security awareness practitioners must work collaboratively across their organizations. You want to understand the attack trends that the security practitioners who monitor, analyze and investigate cyber threats see in real time. These practitioners might be your incident response team or your security operations center (SOC) team. At Proofpoint, we are committed to staying on top of the latest threats and passing this information to customers. The Proofpoint Security Awareness solution is built on insights that we gather from analyzing over 2.6 billion emails daily, monitoring 430+ million domains and tracking hundreds of threat groups to stay ahead of attackers. We do this by collaborating with our in-house Threat Intelligence Services team and using their insights in our integrated threat platform, which ties email monitoring and remediation to human risk detection and education. Recent insights from real-world trends include: Telephone-oriented attack delivery (TOAD). In the 2024 State of the Phish, we reported |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 2023 2024 430+ about access accessibility accordingly accounts accurate across actions added adding address advice agile ahead alerts all also alternative always analysts analyze analyzing appear approach are article artificial as: aspects: assignments assumptions attachments attack attackers attacks attention august automation average avoid aware awareness back based basics bec because become been behavior being believe best better between billion bite blog both brand build built bulletins business businesses but buttons calls campaign can cast center central centric certain changes changes channels characters chatbot close code codes codes collaborating collaboratively collected committed common communication company compliance compromise connection conscious consider content context continued continuous continuously conversational convincing could: covid create criteria cultivate culture current customers cyber cybersecurity daily dangerous decisions decreased dedicated deepfakes defenses deliver delivery deploy designed desk detect detected detecting detection develop development did discuss distribute diversity does domains drive driven driven: drop due each easier easily education effective effectively email emails embed emerging employees enable encounter end engaging engineering ensure eos equally equity errors essential event evergreen every example expanding expected experience explain exposing exposure face false familiar far fast features federal filters final finance financial find first fit five flags flexible fluently focused follow format found four frequent fresh fresh fresh: from gather gdpr genai generated generative get give glass global goal governments grammar groups grow growing guidance handle happens happy has have having hear help helps here highly home homepage house how however human hundreds identified identify image impact imperative impersonation importance important improve improvement incident incidents include: include: includes inclusion incorporating incorrect incorrectly increase increasing individual industry inform information informing initiatives insights instance integrated integrating intelligence investigate irrelevant isn its juggle just keep keeping know knowledge landscape languages latest leading leads learners left legal lens less let library like links local longer look lot maintain make makes making malicious management manual many material may means message messages messaging methods might million mind minimize models modules monitor monitoring month monthly months more most moves must nature need needed needs new newest newly news noncompliant none not notice now often once one online only open operations organization organizations oriented out outdated over overall own pane part particular particularly passing pay payroll peak penalties people perceive person personalizing phish phishing phone pieces place plan plans platform play point poor possibility possible post potential practice practices practitioners prepared presents prevalence prevalent previous proactive procedures processes produce program programs promote proofpoint proofpoint provide providing purpose quickly reach real recent recently recipients red reflect reflective refresh refreshing regular regularly regulations release released releasing relevance relevant relevant remain remediation remove removed report reported reporting repository require required research researchers resource resources respond responding response responsibility results retired revamped review right: rise risk risks role roles run running same samples saw scams scams scope screensavers searching section security see seen send sense sent services shape shaped share shared should show showcases significant simulation simulations single sized skills soc social solution some soon sophisticated source specific spelling spotlight spotlights standard state status stay staying streamline streamlined strengthen strengthens successful such support |
| Tags | Tool Vulnerability Threat Prediction |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.