Posts

, ,

Social Engineering Awareness Program Part 4: Clicking the Phish

It is inevitable that at some point, someone will fall victim to a social engineering attack. This could be via clicking the phish, letting an unauthorized person in, or succumbing to a phone scam. Integrating with your Incident Response plan (if you have one; otherwise read my next series) is vital. Read more

,

Social Engineering Awareness Training Part 3: Reinforcement and Incentivization

Reinforcement and Incentivization

At this point in the awareness life cycle, the culture has been set. Training has been designed and conducted. At this point, we are trying to reinforce the training and provide incentives for those who thwart attacks or report “interesting” attempts or by volume. Read more

Social Engineering Awareness Training Part 2: Designing Effective Training Program

Designing Effective Training Program

Image Reference – Pixabay

In a continuation from the previous post, we have established the culture of security. The population is ready to be trained, thus raising awareness. This prerequisite is key for setting up the training. Effective training will raise awareness for all levels of employees and add a layer of protection to the organization while also removing a level of insider threat. Read more

,

Social Engineering Awareness Program: PART 1

Building the Culture to Support a Social Engineering Awareness Program

Today, companies are investing more than ever before on protecting their IT infrastructure. As a response, hackers and, in turn, penetration testers are using a different vector to gain access to enterprises: the human element. Humans can be exploited using a variety of methods collectively known as social engineering. This broad category includes phishing, spear phishing, whaling, vishing, smishing, pretexting, dumpster diving, and tail gating. Read more