On this episode of the CyberSpeak with InfoSec Institute podcast, Pedram Amini, creator of the Zero Day Initiative and CTO of InQuest.net, talks about how  phishing has changed — and stayed the same — over recent years.

In the podcast, Amini and host Chris Sienko discuss:

  • How have phishing tactics changed since high-profile attacks over the past few years? (1:05)
  • Are people becoming more careful around suspicious emails after all these major breaches? (2:25)
  • How do you change the thinking that drives people to click suspicious links? (4:05)
  • What are some unusual phishing attacks you’ve heard of that worked? (5:10)
  • Have any common phishing methods declined or increased in frequency in recent years? (6:50)
  • How do you educate people people about hijacked email accounts and how to defend against attacks that come from a legitimate email account? (8:50)
  • Are malicious Macros still a concern? (10:35)
  • How will low-level attacks shift as global internet users climb to three billion in recent years? (15:55)
  • Are there any indications that C-suite executives are receiving better security awareness training? (18:10)
  • What issues are there when employees work remotely? (20:00)
  • Is the proliferation of mobile devices changing phishing? (21:15)
  • What are some best practices for ensuring your vendors are secure? (23:55)
  • Where do you see phishing headed in the future? (25:30)
  • If you had a magic gavel and could enact legislation around security or phishing, what would you do? (26:40)

Visit Pedram’s company InQuest at https://inquest.net/

Learn more about security awareness: https://www2.infosecinstitute.com/security-awareness

See special offers for CyberSpeak with InfoSec Institute listeners: https://www2.infosecinstitute.com/podcast-offer

You can watch a video version of the discussion below:

About CyberSpeak with InfoSec Institute

Get security awareness and IT training insight direct from the trenches in this weekly podcast hosted by InfoSec Institute’s Chris Sienko. Each week on CyberSpeak with InfoSec Institute, IT and security practitioners share their insights into a new topic, including security awareness, IT and security careers and keeping organizations safe from cybercrime.