Appropriate venue to find out about the state of art of spear phishing defense?

• Previous message (by thread): Appropriate venue to find out about the state of art of spear phishing defense?
• Next message (by thread): Celebration: RADB appears to now filter RPKI-invalid IRR route/route6 objects
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/13/23 12:29 PM, Mel Beckman wrote:
> We use KnowBe4.com's user training. That's really the only way you can 
> fight this, since its a human problem, not a technical one. These guys 
> provide fully automated, AI based (well, who knows what that means) 
> simulated phishing attacks, largely to give users real-world practical 
> experience detecting and fending off attacks. You get a report card on 
> each users to, so you know where the weaknesses are in your staff 
> knowledge. Their training regimen includes some pretty good 
> self-guided instructional videos.
>
> DMARC, SPF, digitally-signed emails, encryption, none of that matters 
> if a user can be tricked into letting the crooks in the front door.
>
I think that both are needed, to be honest. The signatures can be a tool 
in the user's arsenal but if they are clueless and gullible there isn't 
much you can do about that.


Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20231113/687024be/attachment.html>

• Previous message (by thread): Appropriate venue to find out about the state of art of spear phishing defense?
• Next message (by thread): Celebration: RADB appears to now filter RPKI-invalid IRR route/route6 objects
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]