ZDNet recently published a story on a CrowdStrike report. It details how a major retailer was compromised through the actions of just one employee. In this case, the individual was working remotely from their laptop and fell victim to a phishing email. This specific phishing email directed the individual to a malicious website which subsequently distributed via the FakeUpdates attack.
What I thought was particularly interesting in this story is that it outlines both the human and technical failures in this incident, including how the retail store failed to follow the concept of least privilege.
Managing cyber risk has become a priority from the Boardroom on down. Stories like this help emphasize that cybersecurity is more than just a technical challenge. It also includes the human element. Until organizations manage both technical and human risk, we will continue to lose this battle.
SANS Security Awareness offers a robust phishing awareness simulation training that can change behavior.
We don’t rely on guesswork; we use the world’s best experts in phishing and defense to create phishing scenarios that are applicable to your organization right now. Our teaching methodology is defined by cognitive and behavioral scientists who are authorities in maximizing learning effectiveness.