For years, e-mail has been one of the main attack vectors that organisations and individuals face. Malicious actors use e-mail messages to run phishing attacks, to distribute malware, and to spread various types of scams. While technical solutions exist to filter out most such messages, no mechanism can guarantee 100% efficiency. Recipients themselves are the next, crucial layer of protection - but unfortunately, they fall for the various tricks used by attackers way too often.
This presentation will start with a quick overview of the social engineering tricks used these days in both generic and targeted attacks. We will briefly look at the strengths and limitations of technical counter-measures such as spam filters and antimalware protection. We will then focus on the human aspect, and in particular on user education. Lessons from awareness-raising campaigns run at CERN in the last few years will be discussed and compared with approaches employed by other organisations and with those proposed by companies offering commercial solutions.