The holidays are a busy time for everyone… especially for hackers trying to phish your employees. Phishing is most effective when it exploits human emotions—fear, greed, anxiousness, curiosity, compassion, getting a good deal—and the holidays tend to bring these emotions out more than other times of the year. This gives adversaries a bevy of relevant topics to use to build phishing campaigns.
How can you ensure your employees are prepared for the onslaught of phishing attacks this holiday season? We’ve mentioned before that training your employees needs to be continuous, and if you have provided immersive security awareness training throughout the year, your employees will be more resilient to phishing attacks at all times. We’ve also noted the need to keep that continuous training fresh, and providing holiday themed training is a great way to provide training that is engaging and timely.
CHANTILLY, Va., Nov. 11, 2013 /PRNewswire/ — PhishMe, the leading provider of security behavior management services that improve employees’ resilience towards spear phishing, malware, and drive-by attacks, today announced that it has been selected as a SINET 16 Innovator. PhishMe will present its solution during the SINET Showcase 2013 to be held December 4-5, 2013 at the National Press Club in Washington D.C. The Security Innovation Network™ (SINET) is organization focused on advancing Cybersecurity innovation through public-private collaboration.
I’m often asked which employees are most likely to be targeted by phishing emails. It’s interesting to think about, but the truth is that adversaries will target whichever employees can offer access to the enterprise’s network—and that could potentially be anyone in your organization. Recent research from ProofPoint confirmed this, finding that staff-level employees were targeted by phishing attacks more often than middle and executive management.
The takeaway here is that for security awareness to be effective, it needs to include everyone in your organization. Aside from the obvious security necessity, including the entire organization in your security awareness initiatives enhances your program in a number of ways.