
Need for cultural change regarding cybersecurity

Roger A. Grimes (KnowBe4’s Data-Driven Defense Evangelist) wrote an excellent Comprehensive Anti-Phishing Guide to help IT personnel combat increasing threats from phishing.

Among the important points Roger Grimes made were:

Training: We have to accept that some degree of phishing and social engineering activity will always bypass even the best of our defenses. Consequently, it is important to train employees to recognize phishing and social engineering activity and to manage it. Social engineering and phishing have long been thought to be the principal cause of many malicious data breaches. Fostering good security awareness training is indispensable to building a human firewall.
