Tagged: DFIR, Incident Response, MSOC, MSOC Philippines, Phishing Attack, Phishing Scam, Security Awareness Training, SOC, SOC Philippines
- This topic has 2 replies, 3 voices, and was last updated 3 weeks ago by
Darrel Butil.
- AuthorPosts
- February 26, 2026 at 1:59 pm #1736Anthony BorbeParticipant
Phishing continues to be one of the most common cybersecurity threats affecting organizations of all sizes. Even with strong technical controls in place, attackers often focus on something much simpler, human interaction. A well-crafted email that looks legitimate can sometimes be enough to trick someone into clicking a link, opening a malicious attachment, or sharing sensitive information.
One of the most infamous examples of successful phishing happened when a hacker impersonated a legitimate supplier and tricked employees at Facebook and Google into paying fake invoices, costing the companies millions of dollars before authorities intervened. Read about the Facebook & Google phishing scam.
This is why Security Awareness Training is so important. It’s not about blaming employees, it’s about empowering them. When staff understand how phishing works and what warning signs to look for, they become an active part of the company’s defense strategy.
Simple practices such as regular awareness sessions, simulated phishing exercises, and clear reporting processes can significantly reduce risk. Short, consistent training is often more effective than one-time seminars, especially as phishing tactics continue to evolve.
Cybersecurity works best when technology and people work together. By investing in phishing awareness training, companies strengthen not only their security posture but also their overall resilience.
In today’s digital environment, awareness is not just helpful, it’s essential.
February 26, 2026 at 5:16 pm #1748Alpert SebastianParticipantTotally agree. Phishing works because it targets people, not systems.
The Facebook and Google example shows that even the biggest companies can be fooled if awareness is missing.
Security awareness training isn’t about blaming employees—it’s about helping them spot red flags and know what to do. When people and technology work together, security is much stronger.
February 26, 2026 at 5:18 pm #1749Darrel ButilParticipantYour post clearly explains why phishing is still a major cybersecurity threat. I agree that even with strong security systems, attackers can succeed by targeting people. The example of Facebook and Google shows how serious and costly phishing attacks can be.
I also support your point about Security Awareness Training. It’s not about blaming employees, but helping them recognize warning signs and respond correctly. Regular training and practice exercises can make a big difference.
As an additional point, companies should combine training with tools like multi-factor authentication (MFA) and clear reporting systems. When employees feel supported and know what to do, the whole organization becomes stronger against phishing attacks.
- AuthorPosts
- You must be logged in to reply to this topic.