CHAPTER 5: ADDITIONAL CONTROLS FOR LARGER ORGANISATIONS
The following controls are suited to larger organisations as additional measures on top of those set out in the previous chapter. In many cases, they build on capabilities that should already exist or are developed in the earlier controls.
1.2 Phishing testing
Phishing training is all well and good, but if you decide that the measure of success is that the organisation has staved off ransomware attacks, you’re running the very real risk that the training hasn’t been effective. It’s also worth remembering that a ransomware attack may only need one person to slip up.
A low-risk way of assessing the effectiveness of your training is to run phishing simulations. These fire off fake phishing ...
Get The Ransomware Threat Landscape now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
