August 23, 2018 | Security Awareness, Phishing, Social Engineering
How can a security team avoid becoming overloaded once end users are empowered to flag and report suspicious email? In this Viewpoints report, IANS Faculty Marcus Ranum, Kevin Beaver and Ondrej Krehel recommend several technology- and process-based solutions.
More than half of CISOs believe C-level executives are most in need of security awareness training to protect themselves from phishing and other social engineering attacks. HR is seen as needing the least amount of security awareness training.
In cyberattacks against U.S. power utilities, Russian hackers stole employee credentials to gain access to corporate systems using spear-phishing, targeted oft-visited trade publication websites, and used VPNs to stay hidden and maintain network access.
Most employees receive security training at least once a year, with some 54 percent receiving security awareness training more than once annually. In 6 percent of cases, employees are trained only when hired, or are never trained at all on security awareness.