I was at RSA in San Francisco last week. Great show, with ~30,000 attendees and packed exhibit halls at the Moscone Center. We invited KnowBe4 customers who were attending RSA for a dinner with Kevin Mitnick. We did an "Ask Me Anything" session, which everyone thought was very cool.
Kevin's got tons of highly entertaining stories. Everyone walked out with a personalized signed copy of his bestseller Ghost In The Wires and we decided to the the same thing at BlackHat this year.
There is a TON of news that was released at RSA 2015 this year. For instance Steve Ragan at CSO came out with a slide show that showed the more common phishing techniques were less effective last year, so
criminals changed their game in order to adapt.
Why do people click?
"The Phishing campaigns in 2014 were so successful because criminals didn't use tactics that end-users were trained to spot. Previously, the focus was on social media invites and other unsolicited messages. But when that changed, users couldn't keep up.
"When attackers changed their strategy to targeting corporate users with attachments in high-volume campaigns, while piggybacking on legitimate messages, such as email newsletters and opt-in marketing emails, end-users were faced with a large number of malicious email that they could not recognize as a threat," the report says.
"For example, there was a high volume of Microsoft Outlook Web Access (OWA) credential phish, as it is very easy to spoof these pages, and they produce high-value results."
Using data gathered from their own customers, Proofpoint, a Security-as-a-Service provider in Sunnyvale, California, says that while old school awareness training is working, criminals are still able to obtain a high degree of success in their phishing campaigns.
The company published their findings in a report released on Wednesday during the RSA Conference in San Francisco. The Proofpoint study concluded: "The central lesson of 2014 for CISOs is that while user education may have an impact, attackers can always adapt and adjust their techniques more rapidly than end-users can be educated,"
That is why you need new school Kevin Mitnick Security Awareness Training which combines interactive web-based training with frequent simulated phishing attacks which are adaptable and allow you to send campaigns to inoculate end-users against active criminal campaigns happening in real time.
For instance, we already have an Outlook Web Access Template in our extensive library at the System Templates -> Phish For Sensitive Information.
Here is the full article at CSO:
http://www.csoonline.com/article/2910940/social-engineering/rsa-conference-2015-criminals-targeting-gaps-in-user-awareness-training.html?
Want to find out what the phishing attack surface is of your own organization? Get your free Email Exposure Check now:
