"How One State's Phishing Training Evolves With Threats"

According to a leading technology official, employee training must continue to evolve to keep up with cybercriminals' new tactics if state governments are to stay ahead of the latest phishing threats. Hemant Jain, CISO at the Indiana Office of Technology (IOT), stated that every month, state employees from over 100 agencies receive phishing and cybersecurity awareness training, which they also receive during their onboarding as new employees. Jain says the state modifies the email templates it uses for employee phishing training to account for the most recent news that may inspire scammers, such as recent announcements about federal student debt relief. The templates are also changed regularly to ensure employees do not become too familiar with them. Furthermore, metrics indicate whether any phishing topic or technique should be the subject of additional training as a result of high user click rates during the exercises. Employee training is also tailored to the various file types that employees encounter daily. Training for those who regularly use PDFs for their jobs, for example, will include many PDFs to show them what they could be exposed to, according to Jain. He added that it is critical to make employee training relevant and contextual to the actual end user. Employees are also subjected to phishing training tests via text message, social media, and other means, as hackers increasingly use these platforms in the same malicious manner as email. Indiana has also worked to strengthen its cyber posture through recent legislation that enhanced cyber incident reporting requirements, requiring local governments to report attacks or suspicious activity to IOT within 48 hours of discovery. Indiana takes a "whole-of-state" cyber approach, encouraging all levels of government to work toward the same security and safety goals. This article continues to discuss Indiana's phishing training and the state's other efforts to improve its cyber posture.

GCN reports "How One State's Phishing Training Evolves With Threats"

Submitted by Anonymous on