Few Professionals Are Fully Confident in Ability to Assess the Effectiveness of Their

Information Security
Author: ISACA
Published: March 14, 2019

Schaumburg, Illinois, USA — Findings from a recent ISACA survey about strategies for phishing defense showed that only 12 percent of the roughly 1,5000 respondents were completely confident in their ability to assess the effectiveness of their phishing awareness efforts.

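In the new paper, Phishing Defense and Governance, released in partnership with Terranova Security, ISACA outlines key takeaways from this phishing research that reached security, assurance, risk and governance professionals, including: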

  • Only a slight majority (63 percent) regularly monitor and report on the effectiveness of their activities.
  • 38 percent of respondents reported that their organizations develop security awareness collateral and anti-phishing materials internally.
  • 85 percent of enterprises measure and regularly report on the effectiveness of their phishing awareness programs.

There is still a divide when it comes to organizations employing awareness activities such as email newsletters and online and in-person training, when compared to assessments of what employees have learned, through simulations and other knowledge-based tools. Simulation is not a common component of phishing awareness and training, with only 57% of those surveyed saying they perform phishing simulation, and 25% reporting they use other active knowledge-based assessment of employee phishing behavior.

“Current phishing defense strategies and implementation are clearly not hitting the mark,” said Frank Downs, director of cybersecurity practices at ISACA. “Strengthening these defense activities and improving outcomes is within reach, but requires careful planning and execution, and eliminating any gaps in managing and implementing these security awareness initiatives internally and externally.”

Phishing Defense and Governance also examines the potential correlation between joint internal and outsourced collateral development and the increased ability to report and measure on effectiveness, as well as the ways in which external service providers can be used to help support phishing defense. The white paper also provides some main areas of improvement where professionals should focus their attention when seeking to improve their phishing defenses, including:

  • Ensuring the organization has the capability to validate user behavior modification (such as through a phishing simulation)
  • Evaluating the outsourcing or co-sourcing relationships in place and determining where the organization has gaps in the quality of information it is receiving
  • Setting clear goals for improvement and tracking to them

“Phishing attacks continue to grow each year both in number and in cost to organizations globally and countless new phishing scenarios are created every day,” said Theo Zafirakos, chief information security officer at Terranova Security. “While human error continues to prevail as the leading cause of all breaches and security incidents, security professionals agree the most effective way to reduce human risk is with security awareness and phishing simulation training.”

The Phishing Defense and Governance white paper is available as a free download at 6pgo.ewepub.com/phishing. For another perspective on phishing, read this ISACA Now blog post, “The C-Suite is the New Main Target of Phishing,” by Harold Walker, CISSP, Phishing Awareness Evangelist, Terranova Security.

About Terranova Security

Terranova Security is a global leader in security awareness training, recognized by Gartner®, with 1000+ successful phishing awareness and security awareness training programs spanning over 6-million users. Terranova Security is committed to partnering with CISOs and security professionals to help reduce human risk and support each organization with a personalized and consultative approach for phishing and awareness training needs. Uniquely positioned to support security leaders govern, manage and measure behavior change, Terranova Security provides true flexibility and delivery models for phishing and security awareness training. Learn more: terranovasecurity.com.

About ISACA

Now in its 50th anniversary year, ISACA (ewepub.com) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 460,000 engaged professionals, including its 140,000 members, in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.

Twitter: http://twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAHQ
Instagram: www.instagram.com/isacanews

Contact:

Emily Van Camp, +1.847.385.7223, evcamp@ewepub.com
