What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?


A common scenario is one in which an attacker gains access to an internal network via a compromised workstation that has been infected with malware, invariably via a social engineering email attack. No enterprise is immune to this type of insider attack. We have all, at some point, taken the bait and clicked unsolicited links masquerading as “Open Position”, “Mandatory Open Enrollment”, “Extra Floating Holiday”, and so on.

Before I go on, let me say that while no organization is immune to this type of attack, there are things that a security team can do to make the organization a harder target, such as creating a simulated phishing attack. This exercise requires some preparation and planning, plus internal executive approval to move forward, but it’s worth it. Over time, as you roll out periodic phishing simulations, you should aim to show progress in the form of increased awareness of phishing and wider knowledge of best practices across your organization.

Source: Imperva