Artwork

Inhoud geleverd door Chris Parker. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Chris Parker of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.
Player FM - Podcast-app
Ga offline met de app Player FM !

Phishing Attack Awareness and Training with Josh Bartolomie

44:15
 
Delen
 

Manage episode 430499354 series 2774802
Inhoud geleverd door Chris Parker. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Chris Parker of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.

Criminals do their own recon to study how vendors craft their emails and how they can structure them to match. Scammers know employees are busy and that they want to act promptly on requests, but they also understand it takes time to verify the validity of the email. How do we train employees to know what is real and what isn’t?

Today’s guest is Josh Bartolomie. After joining Cofense in 2018 as the Director of Research and Development, Josh currently serves as the Vice President of Global Threat Services. He has over 25 years of IT and cybersecurity experience. He designed, built, and managed security operations centers, incident response teams, security architecture, and compliance for global organizations.

Show Notes:
  • [1:08] - Josh shares his background and what he does in his current role at Cofense.
  • [4:06] - After all these years, email continues to be an easy way for scammers to target many people at one time and victimize a percentage of them.
  • [5:52] - Wherever there are a lot of people, that is where attackers will go because that is a bigger pool of success for them.
  • [7:08] - You used to be able to block emails with an unsubscribe button, but now we rely on those emails, too.
  • [9:50] - The goal is not to stop them altogether, because at this point it isn’t possible. The goal is to dissuade people from clicking links and trusting emails.
  • [11:47] - With AI and LM, crafting emails has never been easier for scammers.
  • [13:48] - Organizations get hit in different ways, but HR generally gets targeted a lot.
  • [16:54] - Intellectual property theft is also a part of email crafting.
  • [20:14] - Chris shares the story of an unfortunate experience.
  • [25:10] - Acknowledge that these things do happen and they can happen to you.
  • [27:33] - Always call the vendor. It’s an extra layer and extra work, but never trust an email that says something has changed when it comes to finances.
  • [28:54] - Organizations should have a strong reporting culture.
  • [30:55] - Employees can report emails that seem suspicious. The majority of them are spam emails, rather than scams, but they should be reported.
  • [34:02] - What constitutes a spam email? What is the difference?
  • [36:13] - Organizations tend to cut IT and cybersecurity when there are budget cuts.
  • [39:18] - This is changing every single day.
  • [41:46] - Scammers collect data and create profiles. They are very sophisticated in their strategies to target organizations.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
  continue reading

245 afleveringen

Artwork
iconDelen
 
Manage episode 430499354 series 2774802
Inhoud geleverd door Chris Parker. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Chris Parker of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.

Criminals do their own recon to study how vendors craft their emails and how they can structure them to match. Scammers know employees are busy and that they want to act promptly on requests, but they also understand it takes time to verify the validity of the email. How do we train employees to know what is real and what isn’t?

Today’s guest is Josh Bartolomie. After joining Cofense in 2018 as the Director of Research and Development, Josh currently serves as the Vice President of Global Threat Services. He has over 25 years of IT and cybersecurity experience. He designed, built, and managed security operations centers, incident response teams, security architecture, and compliance for global organizations.

Show Notes:
  • [1:08] - Josh shares his background and what he does in his current role at Cofense.
  • [4:06] - After all these years, email continues to be an easy way for scammers to target many people at one time and victimize a percentage of them.
  • [5:52] - Wherever there are a lot of people, that is where attackers will go because that is a bigger pool of success for them.
  • [7:08] - You used to be able to block emails with an unsubscribe button, but now we rely on those emails, too.
  • [9:50] - The goal is not to stop them altogether, because at this point it isn’t possible. The goal is to dissuade people from clicking links and trusting emails.
  • [11:47] - With AI and LM, crafting emails has never been easier for scammers.
  • [13:48] - Organizations get hit in different ways, but HR generally gets targeted a lot.
  • [16:54] - Intellectual property theft is also a part of email crafting.
  • [20:14] - Chris shares the story of an unfortunate experience.
  • [25:10] - Acknowledge that these things do happen and they can happen to you.
  • [27:33] - Always call the vendor. It’s an extra layer and extra work, but never trust an email that says something has changed when it comes to finances.
  • [28:54] - Organizations should have a strong reporting culture.
  • [30:55] - Employees can report emails that seem suspicious. The majority of them are spam emails, rather than scams, but they should be reported.
  • [34:02] - What constitutes a spam email? What is the difference?
  • [36:13] - Organizations tend to cut IT and cybersecurity when there are budget cuts.
  • [39:18] - This is changing every single day.
  • [41:46] - Scammers collect data and create profiles. They are very sophisticated in their strategies to target organizations.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
  continue reading

245 afleveringen

Alle afleveringen

×
 
Loading …

Welkom op Player FM!

Player FM scant het web op podcasts van hoge kwaliteit waarvan u nu kunt genieten. Het is de beste podcast-app en werkt op Android, iPhone en internet. Aanmelden om abonnementen op verschillende apparaten te synchroniseren.

 

Korte handleiding