Phish Your Own Staff: Arming Employees to Beat Modern Attacks

Social engineering has long been the preferred route for hackers, whether through the front door or using social media and email. So what better way to protect against the threat than with a bit of ‘social pen-testing’? Davey Winder reports. Phishing remains a very real threat to organizations of any size. Symantec research showing a 91% increase in spear-phishing attacks from 2012 to 2013 tells us that much. But forget thinking of the threat in terms of the old Nigerian 419 or Canadian National Lottery scams. The bad guys have moved on and so must you if you’re to avoid falling victim to increasingly sophisticated and sector-specific targeted phishing attacks. You need to start thinking about implementing a social engineering vulnerability evaluation strategy. But when is the right time, and what is the right strategy?