Hacking Humans

Fighting off phishing.

Apr 25, 2024

Roger Grimes, a cybersecurity expert, discusses phishing in the podcast. Stories include a phishing service shutdown, an Ohio man shooting incident due to a phone scam, and an email scam from a Chinese company. The podcast highlights real-life vulnerabilities, LinkedIn impersonation challenges, and the importance of cybersecurity awareness and defense strategies.

51:38

Creator website

Episode guests

Roger Grimes

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Social engineering and phishing account for 70-90% of successful data breaches, emphasizing the need for strong defenses in policy, technical, and training aspects.

Organizations often neglect investing in training to combat social engineering attacks, allocating minimal resources despite their prevalence as a primary threat.

Frequent security awareness training and simulated phishing campaigns are essential to educate employees effectively and reduce susceptibility to phishing attacks.

Deep dives

Three types of defenses for every threat: policy, technical, and people

Roger emphasizes the importance of having three types of defenses for every cybersecurity threat: policy, technical, and training for people. He highlights that social engineering and phishing are responsible for 70 to 90% of successful data breaches, and by addressing these issues effectively, organizations can mitigate a large portion of cybersecurity risks.

Proactive Security Measures

00:53

Awareness is Crucial in Avoiding Scams

01:26

Awareness Gap in Cybersecurity

00:45

Teaching about Social Engineering and Trust in Cybersecurity

01:11

Introduction

5min

Addressing Impersonation Challenges on LinkedIn and Platform Discontent

2min

Combatting Cybercrime and Scam: Challenges and Tragedies

19min

Navigating Workplace Email Scams and Security Awareness

4min

Defending Against Social Engineering and Phishing Attacks

15min

Emphasizing the Crucial Role of Social Engineering in Cyber Attacks

6min

Roger Grimes, a Data Driven Defense Evangelist from KnowBe4 and author is discussing his new book, "Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing." Dave and Joe share some listener follow up, the first being from listener Tim, who shares a story of him almost falling for a scam involving some of his investment assets. Lastly, Dave and Joe share a story from an anonymous listener who wrote in to share about a LinkedIn imposter nightmare. Dave's story focuses on a how the LabHost PhaaS platform was disrupted by a year-long global law enforcement operation, resulting in the arrest of 37 suspects, including the original developer. Joe shares the story of an 81 year old Ohio man, who was arrested after shooting a woman after both of them got wrapped up in a phone call scam. Our catch of the day comes from Robert, who writes in with what he believes is a email scam from a Chinese company called "Infoonity."

Please take a moment to fill out an audience survey! Let us know how we are doing!

Links to the stories:

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Hacking Humans

Fighting off phishing.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Three types of defenses for every threat: policy, technical, and people

Underestimation of social engineering and phishing defenses

Significance of frequent security awareness training

Role of healthy skepticism in cybersecurity protection

Impact of AI on cybersecurity and phishing sophistication

Proactive Security Measures

Awareness is Crucial in Avoiding Scams

Awareness Gap in Cybersecurity

Teaching about Social Engineering and Trust in Cybersecurity

Remember Everything You Learn from Podcasts