Client in the News: Training users to defeat social engineering | FierceCIO:TechWatch

Stu Sjouwerman, founder and chief executive of KnowBe4, runs a course aimed at protecting organizations from security breaches initiated by end users. Sjouwerman believes that training is one way companies can build a defense-in-depth strategy.

As reported by InfoWorld, part of the training material has well-known former hacker Kevin Mitnick demonstrating the threat posed by various seemingly innocuous activities that phishers want users to carry out, such as opening certain documents and clicking on a URL.

“All organizations should take the defense-in-depth concept seriously, and especially pay attention to the outer layer: policies, procedures, and awareness,” Sjouwerman told InfoWorld.

The company essentially starts with a baseline “Phishing Security Test” in which users in an organization are sent phishing emails, and the number of users who clicked on the links is collated as a benchmark. Users are then sent for training, after which administrators send out various fake phishing tests to ascertain the return on investment and determine whether users need more training.

While I agree that some security training makes sense, not everyone agrees that more training is the way to go. You can read more about this alternative point of view in today’s editorial.

via fiercecio.com
