Dark Reading
Protect The Business - Enable Access
CISO GUIDE: FISMA Compliance
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
EBOOK: 7 Truths of IT Governance
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
BUYERS GUIDE: Endpoint Protection
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Topics: Security Views
Phishing Your Users for Better Security
A couple of years ago, William Perlgrin taught users about phishing...by phishing them. In doing so, the director of the New York State Office of Cyber Security and Critical Infrastructure Coordination, created an awareness program that (for the most part) worked. By Gadi EvronDark Reading
A couple of years ago, William Perlgrin taught users about phishing...by phishing them. In doing so, the director of the New York State Office of Cyber Security and Critical Infrastructure Coordination, created an awareness program that (for the most part) worked.By sending fake phishing email messages to his own users, Perlgrin was able to measure the risk of a targeted spear phishing attack against his organization. He then spoke to those users who fell for the phishing.
Perlgrin then repeated the experiment, showing a significant decrease in the susceptibility of his users.
In the end, some users were simply unable to learn, but not many.
Interestingly, this experiment was continually conducted, with respect to human psychology.
"This is not a one-shot deal," Pelgrin says in the article mentioned above. "I've got to reinforce that behavioral change to make it permanent."I tell people in the industry about this experiment as much as I can; two years later I am still very excited about it. User education is one of the biggest problems facing a security program, and when one shows to be so highly successful, it needs to be copied and reimplemented as much as possible.
If you are successful with it, then please let me know how it worked out for you.
Follow Gadi Evron on Twitter: http://twitter.com/gadievron
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSHow To Spot A Fake Facebook Profile
FDIC Warns Of 'High Risk' Payment Processors
More Than Half Of Cyberattacks Come From Asia
MORE KEYHOLE
