According to research from IBM, the average cost of a ransomware attack to an organization – not including any ransom payments – is over $4.6 million. Phishing is a primary tool of ransomware attackers – and they are becoming ever more sophisticated in their approach. Successful phishing attacks involve a complex combination of both technical and social engineering methods. This means that any defense against these attacks must involve technical controls as well as employee training on an ongoing basis that is measurably engaging and effective to help your employees avoid the behavioral traps set by attackers.
Maurita Margic, manager of security awareness & training at Adobe, will discuss best practices learned in developing a security training curriculum around phishing that more closely aligns with actual human behaviors. She will also discuss trends in the current threat landscape around phishing to help guide you in development of your own training approaches. The methodologies discussed here will help you understand the basic pillars of a solid program, how you can measure success, and how you can ensure success by creating fun, engaging activities that closely align to employee behaviors.