Layered Controls And User Education
Rocky DeStefano, Senior Vice President of Innovation and Development, Denver-based Optiv, No. 25 on the 2021 CRN Solution Provider 500
Broadly speaking, one of the most effective elements of an anti-phishing strategy is a focus on user education and encouragement of the right behaviors through training and continual validation through testing.
Phishing remains a leading initial vector into an organization, and successful mitigation of that risk requires several layered controls, including email threat management, threat intelligence, awareness [and] training, automation of playbooks, simplified user reporting and, of course, implementation of the principles of least privilege for users. The layering of security controls is keenly important because two facts are incontrovertible: An email will get through and some user will click.