A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?
A.
Increasing training and awareness for all staff
B.
Ensuring that malicious websites cannot be visited
C.
Blocking all scripts downloaded from the internet
D.
Disabling all staff members ' ability to run downloaded applications
Increasing training and awareness for all staff is the best way to address the issue of employees being enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. This issue is an example of social engineering, which is a technique that exploits human psychology and behavior to manipulate people into performing actions or divulging information that benefit the attackers. Social engineering can take many forms, such as phishing, vishing, baiting, quid pro quo, or impersonation. The best defense against social engineering is to educate and train the staff on how to recognize and avoid common social engineering tactics, such as:
Verifying the identity and legitimacy of the caller or sender before following their instructions or clicking on any links or attachments
Being wary of unsolicited or unexpected requests for information or action, especially if they involve urgency, pressure, or threats
Reporting any suspicious or anomalous activity to the security team or the appropriate authority
Following the organization’s policies and procedures on security awareness and best practices
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit