Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

DRTV

Regular User Awareness Training Still the Best Security Tactic

100%
0%

Email continues to be the largest area of exposure for most organizations, and phishing emails lead the charge, according to Stu Sjouwerman, founder and CEO of KnowBe4. And while AI and machine learning can make a difference, these same tools are used by the bad guys, Sjouwerman adds. Regular, monthly trainings help reduce phishing click rates.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
lakers85
50%
50%
lakers85,
User Rank: Strategist
5/3/2019 | 8:03:49 AM
Email Security Appliance
I would hope that most, if not all, SMB and large organizations would utilitze some form of an email secuirty appliance or software to help limit the number of phishing email entering the organization. Lets face it, how much training do end users actually receive on a yearly basis...let alone on a monthly basis.

At the end of the day, the human factor is the catch all and recognizing that you should 'not' click on that link is the ultimate security measure to prevent a breach. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/12/2019 | 12:21:25 PM
Re: Email rule
Jackson county, Georgia - $400,000 ransomeware payment - gee betcha under education would have helped here.  Also having a competant IT department with a real backup and disaster recovery plan too.  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/8/2019 | 3:15:26 PM
Re: Email rule
Agreed, the worst thing I see is when a user isn't sure who a phish is supposed to go to so they forward it around the company. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/7/2019 | 2:31:53 PM
Email rule
Easy: IF YOU DON'T NEED IT, DON'T READ IT, DELETE IT.    This would save about half the world. 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11458
PUBLISHED: 2020-04-02
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from databas...
CVE-2020-8015
PUBLISHED: 2020-04-02
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVE-2020-1927
PUBLISHED: 2020-04-02
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...