Criminals are increasingly moving to social engineering-focused attacks, but organizations are reacting the same way they always have: rolling out some CBT-based training and checking the box under “Employee security awareness training.” While not entirely a waste of time, this approach is not solving the problem.
Users aren’t just part of the problem; they’re part of the solution. Creating a security culture takes more than security awareness training. It takes commitment from all parts of an organization. The issue is no longer how to reduce the number of people inviting in threats to our network; it’s how to leverage our staff to be a key component of our security strategy. Chester Wisniewski explains why we need users to take an active part in helping manage security risk in order to improve security and better defend against and respond to phishing attacks.
Exploring the issue from both a psychological and technical perspective, Chester shares advice and practical examples from successful security programs, including tips for securing top-level support from management, approaches for effectively measuring success, how to use the criminals’ playbook to your advantage, and how to use human resources to assist with detection and remediation.
Do you have 500 employees who might accidentally introduce risk or 500 remotely deployed sensors augmenting your traditional monitoring tools? The decision is up to you.
Chester Wisniewski is a principal research scientist in the office of the CTO at Sophos. Chester has been involved in the information security space since the late 1980s. He divides his time between research, public speaking, writing, and attempting to communicate the complexities of security to the press and public in a way they can understand. Chester has spoken at RSA, InfoSec Europe, LISA, USENIX, Virus Bulletin, and many Security BSides events around the world. He also regularly consults with NPR, CNN, CBC, the New York Times, and a number of other media outlets.
©2017, O'Reilly Media, Inc.