Best Defense Is Educated End Users
Attackers often target the human element during the first phase. Many phishing messages are difficult to spot, but educated end users will be more suspicious of unsolicited email messages containing links and file attachments, security experts told CRN. The security culture within an organization cannot be changed overnight, and most successful user awareness programs don’t rely on a single web-based computer test. Programs need strong leadership and executive buy-in, said Caroline Wong, author of "Security Metrics: A Beginner's Guide" and security initiatives director at software security firm Cigital. For best results, training needs to be sustained over time, Wong said.