I recently stumbled upon an insightful piece penned by Roger Grimes of KnowBe4 on Spiceworks, "The Two Best Things You Can Do to Protect Yourself and Organization." KnowBe4 is the world’s first and largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
Intriguingly, these two techniques—social engineering and vulnerability exploitation—are often employed in conjunction. A perfect illustration is an email that uses social engineering to convince a user to download a malicious payload, thereby initiating an attack exploiting an unpatched vulnerability. This is consistent with Kevin Mandia’s view on vulnerability exploitation and reinforces the exploitation statistics by KnowBe4.
Key takeaways:
- Countering social engineering requires a multi-faceted approach, including policies, user training, content filtering, and more. To get an in-depth understanding of how best to combat social engineering, refer to KnowBe4’s comprehensive guide: https://blog.knowbe4.com/new-e-book-comprehensive-anti-phishing-guide
- Aggressively patch any software and firmware vulnerabilities as these are often exploited by malicious entities to cause havoc.
What are you doing to combat these two most common root causes of cyberattacks? Let’s discuss this on the Action1 subreddit or Action1 Discord.