Kelly Jackson Higgins writes:
Among the unsettling results in the final report, released today, from the Social Engineering Capture The Flag contest held in August at Defcon: Security companies were just as susceptible to social engineering as nontechnology firms, Internet Explorer 6 was still in use at 65 percent of the Fortune 500 companies targeted in the contest, and nearly 90 percent of the targets willingly opened a URL that the contestants gave them.
[…]
The contest even taught the seasoned social engineering experts who ran it a few new tricks. “These Fortune 500 firms are huge companies that I’ve not ever done audits for. A curiosity of mine was [whether] these massive companies have good security awareness programs. We learned that they [do] not,” Hadnagy says. “Bigger companies are not any better at security awareness than [midsize] ones.”
Read more on Dark Reading.