In response to the news that the US Census Bureau has asked for additional IT security training for its staff – including tips on how not to fall for phishing emails – in the wake of last week’s server breach, Kevin Epstein, VP of Advanced Security and Governance at Proofpoint commented on the US Census Bureau staff to take anti-phishing classes.
Kevin Epstein, VP of Advanced Security and Governance at Proofpoint :
“Like fire drills, training using ‘phish’ sent by a testing company can assist in training users — but as our research has shown, even best-in-breed organizations and staff are still fooled. Statistically, everybody clicks — so it’s crucial to augment training with a modern targeted attack protection and threat response system that assumes there will be clicks and engages accordingly”
“While traditional techniques such as network honeypots and training are still impactful, the Human Factor report clearly demonstrated that users will still be exposed to threats, and everybody clicks. Moreover, they’ll click not only when at desktops, behind firewalls — but also on mobile devices and their own computers, and home or coffee shops or remote. Modern targeted attack protection and threat response systems build those assumptions into their defensive measures accordingly. Such systems use the volumes of data generated by the flow and response of attacks and users to adapt in real-time to new attacker techniques, from different signature malware to new malicious sites — and even to predictively assess risk and preemptively take action against anticipated malicious files or URLs. There are more attackers than defenders at any single organization; only with more big-data correlation can defenders hope to prevail.”[su_box title=”About Proofpoint” style=”noise” box_color=”#336588″]