Phishing has been around for 20 years, and it will continue as long as there is money to be made. To date, combatting it involves upgrading antivirus and endpoint detection and response (EDR) software, while educating users not to click on “suspicious” attachments or links.
We’ve been failing miserably.
It is time for a new approach, one in which we assume employees will click on nefarious attachments — at which point, the employees become attackers and are treated as such, says Tom Masucci, Security Sales Specialist at Hewlett-Packard.
For example, imagine your CEO is lured into clicking on a malicious attachment. “As soon as the CEO takes the bait, the CEO’s machine is infected and by extension, so is the enterprise. At that point, the CEO becomes the attacker,” Masucci says.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
