Our customer needed a solution to reduce the number of phishing emails and social engineering attacks targeting their organisation. Increasingly sophisticated phishing and spear-phishing emails were bypassing technical security controls and colleagues were regularly duped into clicking malicious links. Traditional education and training efforts on how to identify a phishing email weren’t working as cybercriminal tactics evolved to counteract network security measures.
Our approach focussed on people, rather than malicious email campaigns. We designed a programme of Layer 8 Live workshops for high-risk groups, using story-telling techniques and scenarios to expose the mechanics of any social engineering attack, including, of course, phishing emails. Colleagues benefitted from a deeper understanding of manipulation techniques and their own vulnerabilities.
The workshops invited colleagues to step into the cybercriminal’s shoes to plan an attack against their own organisation. Participants were encouraged to consider the information assets they are responsible for, where they’re stored, who to target to gain access to them and when these individuals would have their guards down.
• Teams and individuals improved their understanding of their vulnerabilities, and developed and implemented collaborative strategies to mitigate further risk.
• Participants contributed towards the development of a Security Charter relevant to the entire business, based on their own personal experiences and learnings from the workshop.
• Colleagues adopted proactive attitudes towards defending against social engineering attacks targeting human weaknesses.