As Social Engineering Tactics Change, So Must Your Security Training
DARKReading, January 19th, 2023
Craft specific awareness training for high-exposure teams like finance, and reinforce other critical awareness training across the organization.
After hardening our corporate environment and improving our device management as the chief information security officer (CISO) with other organizations, I began to notice the threat landscape changing and evolving rapidly. Specifically, social engineering and phishing tactics shifted seemingly overnight and continued to stay steps ahead of our awareness training.
Instead of sending emails to corporate addresses protected with multiple security solutions, cybercriminals started doing their homework, using social media sites like LinkedIn to capture names, roles, and photos to build dossiers on individual users.