Social engineering and phishing attacks are getting smarter, but are employers?

By   ISBuzz Team
Writer , Information Security Buzz | Sep 18, 2013 11:55 pm PST

A new study on user risk shows that employers are willingly conducting user awareness training, but only half of them follow-up with additional tests to gauge such training’s effectiveness.

As network defenses grow stronger, and the gaps within those various layers of protection shrink, criminals are looking towards the soft targets, including employees, contractors, and customers, in order to launch an attack. Such knowledge isn’t a secret, this is why user awareness training exists; it helps mitigate the risk associated with soft target attacks, including phishing and social engineering.

Earlier in the summer, CSO reported on a study that examined the risk associated by the soft targets working the helpdesk, but there’s more to the problem than just one business unit within an organization.

It isn’t just the fact that people are trained and expected to be helpful that makes such soft targets attractive to attackers; it’s that they’re left unaware of all of the potential attack surfaces they’re part of.