Often, attackers only need one employee to fall for an attack before gaining a foothold in an organization. The defenders on the other hand have to continuously catch all attacks to keep an organization secure.
In 2012, Masha Sedova began a new approach to Salesforce’s security awareness program aimed at increasing the difficulty of a successful attack on their employees. The goal was not only educate the company’s employees about security, but also to make them invested in their part of securing the company by reporting suspicious activity. After a multi-step approach using rewards and positive feedback, the company continues to see increasingly promising results on detecting simulated and real phishing emails and defending against red team exercises.
In this talk, Masha will talk about the steps she’s taken to increase the reporting of suspicious activity by her employees and the measurable impact it has had in helping keep Salesforce’s employees and customers secure.