PART IV Creating a Great Security Awareness Program
Because at least some percentage of social engineering and phishing attacks will make it past your policies and technical defenses and get to your end users, the last layer of defense is education. Chapters 11 through 17 cover security awareness training. Chapter 11 gives a general overview of a great security awareness training program. Chapter 12 covers how to do training right. It doesn't just happen accidentally. Chapter 13 explains how to tell the difference between legitimate and rogue URLs and includes examples of advanced tricks that hackers use to fool end users. Chapter 14 is dedicated to fighting spear phishing, which is responsible for the vast majority of successful data breaches today. Chapter 15 shows how anyone can forensically inspect a suspected phishing email to determine whether it is a malicious email. Chapter 16 covers miscellaneous hints and tricks that can help you fight social engineering and phishing. Chapter 17 ends the book by presenting how to make cybersecurity a default and healthy part of your organization's culture.