Webinar Takeaway: Roger Grimes Teaches You Phishing Mitigation

My key takeaways

~40 threats/day in 2020 to take care of

top 3 initial breach root causes

social engineering
unpatched software (>90% Java)
medium threat

general mitigations

policies
tech. defenses
security awareness training

Also educate your vendors about your AUP

include a phishing mitigation section in your AUP

paying everybody $1000/year who doesn't fall for any phishing mail (real or simulated) is a lot cheaper then paying ransom to ransomware criminials

anybody can be phished! more honey, less sticks

reasons for cyber security insurances

limit the cost if hit by an incident
help you to recover as quick as possible (to limit their costs)

be aware of exclusions in cyber security insurances

Env

Ethical considerations in phishing tests: to inform employees or not?

TL;DR This article delves into the ethical considerations in phishing tests, highlighting the balance needed between conducting realistic simulations and maintaining fairness in cybersecurity training. This article explores the complexities of conducting phishing simulations in the workplace. Key takeaways include the importance of transparency in fostering a positive security culture, building trust through clear communication,

Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox

My key takeaways DMARC uses SPF and/or DKIM In 2021 the National Defense Authorization Act says the Department of Homeland Security (DHS) must implement DMARC US wide there exists an RFC for "email from" SPF = receiving email server checks MAIL FROM address or the domain’s IP address in the HELO handshake against the sender’s

Jean-Christoph von Oertzen

Blog

Infosec glossary

Webinar Takeaway: Roger Grimes Teaches You Phishing Mitigation

My key takeaways

Env

You may also like

Ethical considerations in phishing tests: to inform employees or not?

Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox