Phishing: It's Not Just for Pentesters - Using Phishing to Build a Successful Awareness Program presented at SourceBoston 2018

by Joe Gray,

Summary : Social engineering attacks remain the most effective way to gain a foothold in a targeted organization. When technology holds up to the test of attack, the human element is often exploited for entry into an organization. The frequency and level of training an employee receives can thwart an attack or amplify it. An example is the Google Docs attack that occurred recently. This attack propagated to a status near that of a worm in part because people were not trained to spot the issues. This talk will discuss the dynamics of creating an effective awareness program and teach practitioners how to create and run a successful internal phishing program to measure the efficiency of the training and help keep users on their toes.