Explaining threat intelligence to executives can be daunting. Framing the conversation in the tactical, as opposed to the strategic, prevents us from communicating the real value of a good, empowered, sponsored, and staffed threat intelligence program in a way that executives can understand what they’ll get - and say yes.
Successful phishing attacks - tricking your employees into clicking a link and then taking an action, such as providing information to a fake web page - is the primary vector for ransomware infections.
Note: I spoke on this topic in September, 2021 at 44CON and you can watch the video here.
Are you asking the right questions to determine how well your vendors will protect your data?
I’ve been arguing for years that we in information security aren’t doing anyone any favors when we demand that people use for passwords something impossible to remember, then we demand that they remember it, and then we insist that, for God’s sake, they never write it down.