Guys, another awesome approach presented by ThreatSim company. There are tons of ways in which attacker can compromise any company or data. There are variety of sophisticated attacks, such as low-and-slow, several types of sabotage, espionage or high-level "open" intrusions. Then, going through some kind of automated programs (or self-propagated code), such as trojans, viruses, rootkits, parasitic viruses we are facing the problem of massive or distributed attacks. We know about DoS, pharming, spam, spoofing and finally phishing. Guys from ThreatSim, know how to handle the last one : phishing.
When standard phishing involves mass-mailing, spear phishing is in rather small scale, but is better targeted. Here ThreatSim company have lots to say about. They believe (and they have documented that!), that educating end-user is always the best step in prevention but not the last one.
ThreatSim is an immersive training and assessment solution that defends your organization from phishing attacks by teaching users how to identify and avoid phishing emails. Our SpearTraining method targets users with bad behavior by delivering training when they click on a simulated phishing email.ThreatSim enables you to run simulated phishing attacks against your employees on a regular basis in a safe and controlled manner. ThreatSim’s SpearTraining is delivered to the user when it will have the most impact: at the moment of simulated compromise.
They deliver a solution for personnel education and taking care of any vulnerabilities in browser and its plugin (Adobe, Java, Flash, SilverLight). What is great about them, they know that it is very easy for not-IT guy(or even for him - not intentionally) just to click on the delivered link or any other feed. It's obvious, and very often we can cautch ourselfs just doing so. ThreatSim made a step ahead, and is focusing also on the minutes after being compromised - how to behave after being owned, what to do, and how to reduce the impact ? They can answer these questions.
Educating users is critical and an integral weapon in the war against spear phishing. If traditional information security is putting out fires, SpearTraining with ThreatSim means teaching your people not to play with matches.(...)The attacker is human. The user is human.
To sum up, it is believed nowadays that massive-type attacks on human is the most effective way of compromising sensitive data in company. It seems that not only patching, tons of other layers of protection, and best security support can protect your company. The keys are ... staff awareness and education. Keep an eye on it!
Brak komentarzy:
Prześlij komentarz