Most companies spend a great deal of money on IT security. We secure data centers, networks, PCs, tablets, phones, and now with IoT... everything that has an IP address. All of these things are important and must be secured. But the reality is that human beings represent the actual endpoint of most information and technology.
Whether being responsible, or being mandated to do so, many companies conduct periodic security awareness training to make people part of the defense system. Organizations try to create a “security culture” by sharing threat information, posting visual reminders, and making announcements. In the end, many people become desensitized to all of this and cyber criminals know people are busy and generally have a good and trusting nature which makes them vulnerable. This is why spear phishing has evolved so significantly into many of the breaches we have seen recently.
Policies and procedures are helpful, but we need to continuously educate and remind users of their responsibility relative to security and how to meet it. Anti-Phishing Behavior Management (APBM) services and tools allow you to periodically simulate phishing and similar attacks, allowing us to monitor and measure how secure our people are in their behavior. Many of these vendors also provide training and remediation.
We should always be vigilant in protecting our technology assets. We also need to acknowledge that our people are our real endpoints; they are often our last line of defense against new and evolving threats. So let’s help them, to help us keep our organizations secure.