Educating the end user
As shown in the previous diagram, end-user education is part of the management security control, under awareness training. It is perhaps one of the most important pieces of the security program, because a user who is uneducated in security practices can cause tremendous damage to your organization.
According to the Symantec Internet Security Threat Report, Volume 22, spam campaigns are the top cause of malware infestation, and although they now rely on a wide range of tactics, the largest malware spamming operations still rely on social engineering techniques.
In the same report, Symantec concluded that in 2016 the most common word used in major malware campaigns was "invoice." This makes total sense, since the idea is to scare users into thinking that they need to pay something, otherwise something bad will happen. This is a typical approach: frighten the user into clicking on the link that will compromise the system. Another platform...