BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Just about every attack against enterprises today has its roots in social engineering.
In fact, attackers do significant reconnaissance against targets and mine data in order to craft campaigns that will help them successfully infiltrate organizations to steal target data and access information.
Fortunately, there are a number of steps enterprises can take to prevent employees from falling victim to social engineering scams.
In this podcast, David Sherry, chief information security officer of Brown University, outlines the basics of social engineering, how enterprises can train employees about the inherent risks of social engineering scams, and the latest attack methods and schemes attackers are using to compromise their prey.
Listen in now to also learn what an enterprise should do when an employee is compromised by a social engineering attack, as well as the various technical controls that enterprise security teams should put in place to prevent, detect and mitigate social engineering scams.
About the speaker:
As chief information security officer of Brown University, David Sherry is charged with the development and maintenance of Brown's information technology security strategy, IT policies and best practices, security training and awareness programs, as well as ongoing risk assessment and compliance tasks. A CISSP and CISM, Sherry has 20 years of experience in information technology. He previously worked at Citizens Bank, where he was vice president for enterprise identity and access management, providing leadership for compliance and security governance.
Read more about phishing attacks