DarkNet has an article about a diamond heist that took place in Belgium. It was successful due to social engineering. The thief spent several weeks getting to know the bank staff and earned their trust. By doing so he was able to walk off with about 14.5 million US dollars' worth of diamonds. My favorite quote from the post is this:
"My dear friend, education is the key... not more locks and bolts."
The same holds true for Information Security. If our users don't know how to spot and handle phishers, then we might as well just put up an open Wi-Fi to our network and post it in the paper.
We all know that the defenses we put in place are only as good as the way they were configured and the last patch that was released. All of it is for naught if our users are giving away the keys to the back door.
If you need some good User Awareness materials, there are lots of places to look. Some are free and others range in cost from low budget to big budget. A couple that I can recommend looking into: the Notice Board Awareness Newsletter, Microsoft, which has some pretty good free stuff, or you can talk to Michael Santarcangelo about what his company offers. There are also lots of other options that you can find with a simple Google search.