There are a lot of products on the market purporting to be the best way to run defense against nation-state adversaries’ email spearphishing attempts. But there’s one part of defending against spearphishing in particular that the U.S. Marine Corps Forces Cyberspace Command’s cyber technology officer endorses: context.
For Renata Spinks, the goal is not to just make sure employees understand they should avoid clicking on what appear to be malicious links, but to make sure they understand the bigger picture of what they’re protecting, she said Tuesday.
“Instead of just [test] phishing attempts, teach your employees why phishing attempts are so important and make it relatable,” Spinks said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “Data is your most critical commodity, but people [are] the best asset you can have.”
Spearphishing emails often seek to pilfer off passwords and credentials from victims who click on links or attachments that purport to be legitimate links or files, but which actually download malware onto victim systems that may enable credential stealing, among other nefarious goals. If the Marine Corps, which runs offensive and defensive operations in cyberspace, loses credentials to adversaries, its mission could be compromised.
Support the originator by clicking the read the rest link below.
