EDITOR’S QUESTION
That is not to say that continuous staff education is not required. Quite the opposite – staff need to learn how to recognise phishing attempts. This can be considered the last line of defence as malicious mails will already have broken through the technical controls. Mechanisms need to be put in place that assist staff to report and test for phishing attempts.

Staff performance in this regard also needs to be measured. Be wary of naming and shaming users who become attack victims. Public admonishment of staff may make them less likely to report phishing attempts.

One thing is certain – despite your best efforts your staff will be successfully phished. Planning for that event and factoring in both technical and human failure or error are essential parts of a well thought out anti-phishing strategy. It is essential to have an incident response plan in place as well as the deployment of technologies such as browser isolation and multifactor authentication in order to limit the impact of an attack. All of these measures will combine to assist with the speed and quality of recovery from these attacks.
www.intelligentcio.com