EDITOR’S QUESTION
Carolyn Crandall, Chief Deception Officer at Attivo Networks

The answer is: employee training, employee training, employee training. I can’t say it enough on training. Continual reminders and training on how to identify phishing emails and best practices on how to handle them are critical. Organisations should also conduct ongoing internal tests to see if employees will fall for simulated phishing emails, and those who do should receive individual training and testing.
Establishments should also make it easy for employees to submit suspicious emails with a default email alias that everyone is aware of. A ‘better safe than sorry’ approach will encourage employees to openly submit suspicious emails. It is also critical that the review team promptly reply, without judgement, on what is sent in.
For efficiency, some companies will use automated systems to check whether the emails are malicious. More advanced teams will also take the time to detonate the malware to learn more about the attacker’s tools, tactics and intent. These features can be seen in various phishing tools and in deception platforms that have built-in sandboxes.
Phishing is the preferred method of attack and techniques are getting more advanced and authentic every day. For organisations to stay ahead, it will be critical to continually teach every employee, contractor and supplier best practices for not falling victim. And since we are all human, put in place detection safety nets so that in the event that mistakes are made, the attacker can’t successfully advance their attack.
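The automated first-pass check of reported emails mentioned above, as an added example that is not part of the article and not Attivo Networks code. It uses only Python's standard library: the reported message is parsed, the Reply-To domain is compared with the From domain, URLs are pulled from text parts and attachment hashes are computed, and both are checked against a constructed indicator list. The domains, hashes and sample messages are all made up for the example.

```python
"""First-pass triage of an email reported to a phishing alias (added example)."""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed indicators for the example only; not real threat intelligence.
BLOCKED_DOMAINS = {"payroll-update-login.example"}
BLOCKED_SHA256 = {hashlib.sha256(b"MZ fake payload").hexdigest()}
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".lnk")

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def url_host(url):
    """Hostname of a URL, lowercased, without scheme, port or path."""
    rest = re.sub(r"^https?://", "", url, flags=re.IGNORECASE)
    return rest.split("/", 1)[0].split(":", 1)[0].lower()


def addr_domain(header_value):
    """Domain of the first address in a header value ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw):
    """Parse a raw RFC 5322 message and return verdict, findings, URLs, attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, urls, attachments = [], [], []
    blocked_hit = False

    # Header check: a Reply-To on a different domain than From is a classic lure.
    from_domain = addr_domain(msg.get("From"))
    reply_domain = addr_domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""   # base64 is decoded here
            name = part.get_filename() or "(unnamed)"
            digest = hashlib.sha256(data).hexdigest()
            attachments.append({"name": name, "sha256": digest})
            if digest in BLOCKED_SHA256:
                blocked_hit = True
                findings.append(f"attachment {name} matches a blocked hash")
            if name.lower().endswith(RISKY_EXTENSIONS):
                findings.append(f"attachment {name} has a risky extension")
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                urls.append(url)
                if url_host(url) in BLOCKED_DOMAINS:
                    blocked_hit = True
                    findings.append(f"URL host {url_host(url)} is on the blocklist")

    verdict = "malicious" if blocked_hit else ("suspicious" if findings else "clean")
    return {"verdict": verdict, "findings": findings, "urls": urls, "attachments": attachments}


def sample_report(malicious=True):
    """Constructed sample message (not a real email) in the shape a user would forward."""
    m = EmailMessage()
    m["To"] = "alice@corp.example"
    if malicious:
        m["From"] = "HR Payroll <notify@mail-service.example>"
        m["Reply-To"] = "hr@payroll-update-login.example"
        m["Subject"] = "Action required: confirm your payroll details"
        m.set_content("Confirm your details at https://payroll-update-login.example/login today.")
        m.add_attachment(b"MZ fake payload", maintype="application",
                         subtype="octet-stream", filename="payslip.exe")
    else:
        m["From"] = "Bob <bob@corp.example>"
        m["Subject"] = "Lunch menu"
        m.set_content("This week's menu: https://intranet.corp.example/menu")
    return m.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        result = triage(sample_report(malicious=flag))
        print(result["verdict"], result["findings"])
```

In a real deployment the indicator sets would come from the organisation's threat-intelligence feed and the verdict would drive the reply sent back to the reporting employee; anything that comes out "suspicious" rather than "malicious" is what the review team, or a sandbox detonation, still has to look at by hand.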
www.intelligentcio.com
INTELLIGENTCIO