One means of training employees not to click on suspicious links in emails is to set up phishing stings — fake malicious emails that show them just how easy it is to become a victim.
"This email was in fact a mock spear-phishing campaign," he said during a speech at Federal Times' CyberCon on Nov. 18. "It bore many of the telltale signs, including an unusual from address and an embedded link."
Employees who clicked through the link received a follow-up message telling them to come to a room in the building to receive their tickets.
"Our adversaries understand that human behavior can be exploited as a weakness," he added. "The answer to this particular big problem is pretty simple: raise awareness."
Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.