Today we did a "Free Security Audit" with a company that wanted to test their 100+ employees. When we talked to the IT Manager and told him what simulated attack we were planning, he said that he would be surprised if anyone clicked on that, as they regularly warned all employees about phishing. However, we got a 20% click rate... which means 20% of employees fell for the classic "You need to change your password" phishing attack. If we had been bad guys, we would have completely owned that network. It shows the urgent need for Internet Security Awareness Training plus the constant reinforcement of that training.
Stu Sjouwerman