We’ve written about growing efforts to combat social engineering by improving “cybersecurity culture.” Part of that can include using data to determine which employees are most at risk for failing to maintain the security culture. The recommendation comes in this Axios report:
“Between the lines: Personalizing employee training and awareness programs can go a long way in preventing successful social-engineering attacks, Ashley Rose, CEO and co-founder of Living Security, told Axios.
- Companies are often already collecting data about which employees reuse passwords, who needs access to sensitive data for their roles, and which teams are receiving the largest volume of scam emails.
- Using that data, organizations can easily tailor internal security controls, such as implementing stricter email filters, for those who are most at risk of being duped by an email or call, Rose said.”