If you tell the truth, you don’t have to remember anything.

—Mark Twain

Now that we’ve covered the fundamentals of social engineering and OSINT collection, it’s time to talk about how an organization can minimize the impact of these attacks or even prevent them altogether. Although you’ll rarely be able to stop all attacks, you can take steps to reduce an attack’s success rate and lessen its harm if it does succeed.

This chapter covers three such techniques: awareness programs, reputation monitoring, and incident response. We’ll discuss the elements of a successful awareness program, explain how to implement ...