Is phishing still a major focus at your organization?

2.4k views, 2 Upvotes, 7 Comments

Head of Security in Software, 501 - 1,000 employees
We conduct phishing exercises throughout the year. There is a simulation running every day, hitting different people of course. I use these to draw metrics and see who is the least resilient to phishing, which tells me who the high-risk staff members in the organization are. If I want to go the route of taking backups then that is my driver because if I start taking backups for everyone, it is very difficult to manage.
Head of Business Technology in Software, 201 - 500 employees
Our CISO has been doing a number of training sessions for internal employees on how to be aware of ransomware, phishing, etc. People know they are not supposed to open a certain kind of email, and then they still open it. But why do we even let that email reach my inbox? What are we not doing that can prevent that? And if something happens, how do we rescue ourselves? That is where my interests lie.
1 Reply
CISO in Software, 51 - 200 employees

I look at awareness training and all that stuff—not everybody gets A’s and that's the problem. So it makes it tough.

Chief Security Officer, VP of Info Svc, Analytics and Cloud Infra & Operations in Software, 201 - 500 employees
I have phish testing on autopilot for the whole organization. I’ve taught the team to report phishing even if it's a phishing test and I've integrated that with my security orchestration, automation, and response (SOAR) so that it will know if it's a test or a legitimate phish. And if it's a legitimate phish, then it will enhance that with indicators of compromise (IOC) data, a URL filter, and things like VirusTotal, so it will check if those things are risks. And if they are, then it will launch my instant response program.
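The triage flow described in the comment above, as an added Python sketch (not the commenter's SOAR playbook or any vendor's API). The header name, campaign ID, and the in-memory sets standing in for the IOC feed and URL filter are all assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hypothetical stand-ins: a real playbook would query the simulation platform,
# an IOC feed, a URL filter and a reputation service instead of these sets.
SIM_HEADER = "X-Phish-Sim-Campaign"        # assumed header stamped on tests
ACTIVE_CAMPAIGNS = {"q3-payroll-lure"}     # constructed campaign ID
IOC_DOMAINS = {"login-verify.example.net"}  # constructed IOC entry
URL_CATEGORIES = {"cdn-files.example.org": "malware"}  # constructed filter data
BLOCKED_CATEGORIES = {"malware", "phishing"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def extract_hosts(msg):
    """Collect the hostnames of every URL found in the text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host)
    return hosts

def triage(raw_email):
    """Classify a user-reported email as simulation, malicious or unconfirmed."""
    msg = message_from_string(raw_email)
    campaign = (msg.get(SIM_HEADER) or "").strip()
    # The header alone is not trusted: the ID must match a running campaign,
    # otherwise a forged header would suppress a real report.
    if campaign in ACTIVE_CAMPAIGNS:
        return {"verdict": "simulation", "action": "credit_reporter", "hits": []}
    hits = []
    for host in sorted(extract_hosts(msg)):
        if host in IOC_DOMAINS:
            hits.append((host, "ioc_feed"))
        elif URL_CATEGORIES.get(host) in BLOCKED_CATEGORIES:
            hits.append((host, "url_filter"))
    if hits:
        return {"verdict": "malicious", "action": "start_incident_response", "hits": hits}
    return {"verdict": "unconfirmed", "action": "analyst_review", "hits": []}

# Constructed sample reports.
SIM = "Subject: Payroll\nX-Phish-Sim-Campaign: q3-payroll-lure\n\nSee http://training.example.com/a\n"
REAL = "Subject: Password expiry\n\nReset at https://login-verify.example.net/reset today.\n"
FORGED = "Subject: Invoice\nX-Phish-Sim-Campaign: made-up\n\nOpen https://cdn-files.example.org/inv\n"
CLEAN = "Subject: Lunch\n\nNo links here.\n"
```
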
Director of Marketing, 51 - 200 employees
Bad actors are getting in through phishing but there are also more aggressive attacks where they're going through security holes, etc., so, while phishing should absolutely still be a priority, understanding other potential attack vectors in your environment is critical.
Chief Information Officer in Healthcare and Biotech, 1,001 - 5,000 employees
All forms of email phishing remain the number one attack vector into an organizational infrastructure. The top priority of email phishing is account credential compromise, which is also the number one hacker method behind data breaches. The effort to educate staff and maintain staff awareness of phishing is the best security investment against data breaches.
Chief Information Officer in Manufacturing, 10,001+ employees
As a Higher Educational Institution, we have seen an uptick in email phishing scams. We're a new section in our security strategic plan that solely focuses on this issue.
