PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

For effective security awareness, keep it focused

BY Rohyt Belani IN 7 Principles Critical to Security Awareness Programs, Blog

In their book, “Switch: How to Change Things When Change is Hard,” authors Chip and Dan Heath examine how influencing humans to change requires appealing to two parts of the brain: the rational and the emotional. Since the emotional part of our brain often gets frustrated when asked to make huge changes, Chip and Dan recommend that we “shrink the change” to change behavior in the face of resistance. The Heaths cite financial guru Dave Ramsey’s “Debt Snowball” strategy as an effective example of shrinking the change. For people mired in a mountain of debt, this strategy advocates paying off…


To make training stick, immerse employees

BY Rohyt Belani IN 7 Principles Critical to Security Awareness Programs, Blog

When aspiring pilots go through flight school, they learn both in a conventional ground setting and using a flight simulator. On the simulator, new pilots are immersed in the experience of flying, and receive real-time feedback about their decision making. Not surprisingly, the simulator is seen as a more effective training tool than conventional classroom training. One of the greatest challenges facing security awareness initiatives is providing employees with an experience they will actually remember and retain. Training users to avoid risky security behavior is not nearly as complicated as teaching someone to fly a plane, but just like with…


Syrian Electronic Army continues to carry out successful data-entry phishing attacks

BY Aaron Higbee IN Blog

When the Syrian Electronic Army nailed a number of prominent media outlets earlier this year, we were pleased to see a number of open and honest responses from those that were breached, notably from The Onion and The Financial Times. Last week, the SEA was at it again, successfully hacking content recommendation service Outbrain, an attack which provided a foothold to compromise media behemoths The Washington Post, Time, and CNN. The SEA attacked Outbrain with largely the same tactics it has used so successfully in the past few months, by eliciting log-in credentials through a phishing email, the same tactics…


To improve security awareness, think marketing

BY Rohyt Belani IN 7 Principles Critical to Security Awareness Programs, Blog, Uncategorized

Security awareness is a term that often makes IT security pros cringe. It brings to mind images of mind-numbing training or of ineffectual posters and stress balls urging employees to change their passwords frequently. Based on years of experience working with enterprises and other large organizations, we are launching a new blog series, “7 Principles Critical to Security Awareness Programs”, that will offer some insight into concepts we have incorporated in our solution to demonstrably improve security awareness for our customers. The first topic we will address is marketing. Changing behavior is one of the greatest challenges security officers face…


Double Barrel Throwdown Results

BY PhishMe IN Blog

The winner of our inaugural Double Barrel Throwdown is @_tdudley. Her scenario leveraged curiosity: posing as a recruiter, the email entices the recipient to click a link to find out about a lucrative job opportunity. This original idea was persuasive (who isn’t curious about an exciting job opportunity?) and realistic (recruiters send out emails like this all the time to corporate email addresses). Overall, the decision was not easy, but her entry stood above the rest when judged against our criteria: originality, persuasiveness, and realism.


An untapped resource to improve threat detection

BY Scott Greaux IN Blog

Speaking in front of the House Committee on Special Intelligence earlier this year, Kevin Mandia (CEO of Mandiant) remarked that, “One of the most valuable resources in detecting and responding to cyber attacks is accurate and timely threat intelligence.” Despite its value, many organizations don’t have a way to get timely threat intelligence. How can organizations improve in this area? If you know anything about us, it probably won’t shock you that we’re encouraging enterprises to focus on their users as a source of real-time threat intelligence. Given that the vast majority of targeted attacks focus on the end user…
