4. Authentication Attacks
Social engineering is consistently the number one root cause by which ransomware and other malware
attacks gain initial access.
It therefore makes sense to raise awareness of these initial attack vectors among the groups
typically responsible for each of them.
Columns: Attack Vector | Audience | Proposed Intervention | KnowBe4 (or other) Content | Behaviour Design Trigger

Attack vector: Social engineering
Audience: All staff
Proposed intervention:
• Phishing base training
• Gamified phishing training to transfer knowledge to intuitive awareness
• Phishing simulations mimicking typical ransomware phishing techniques
KnowBe4 (or other) content:
KB4 Training:
• Phishing Foundations (15 mins)
• Basics of Phishing (5 mins)
• Spot the Phish Game: Foundational (5 mins)
• Phish Catcher Game (7 mins)
Phishing templates:
• Invoices
• Calendar invites
• Payment notification
• Delivery notices
• CV/job applicants (HR)
Behaviour design trigger: (blank)

Attack vector: Unpatched software
Audience: IT and
Proposed intervention:
• Data-driven defense
KnowBe4 (or other) content:
• Masterclass on Data-Driven Defense
Behaviour design trigger: (blank)

Attack vector: Microsoft Remote Desktop Protocol (RDP)
Audience: IT and
Proposed intervention:
• Privileged user training
• MRDP security guidance
KnowBe4 (or other) content:
KB4 Training:
• Security Moments Series: Privileged User Access Management (4 mins)
Other:
• Microsoft guidelines for securing RDP
Behaviour design trigger: (blank)

Attack vector: Password attacks
Audience: IT and
Proposed intervention:
• Password policy
• Understanding multi-factor risks
KnowBe4 (or other) content:
• Roger Grimes Password policy
• Lessons learnt from testing 150 MFA products
• Provide users with a password-manager tool
Behaviour design trigger: (blank)