Fancy a Phishing Trip?
Phishing is big business. Attacks have shown record growth in recent years, with 66% of malware now installed via malicious email attachments, and advanced spear phishing attacks costing businesses an average of £100,000 per incident. Users continue to be the easiest target for attackers in the cybersecurity defenses of most organisations, but an army of trained, phishing-aware employees can provide you with a human firewall against these threats.
But how do you train them?
Well you could opt for classroom delivery to many or a very personal one-to-one training approach, which some of us may have experienced during an induction process, I certainly did.
But how do you know if the User who passed the Phishing Test in the Induction won’t be a threat when they are released into ‘the wild’?‘
Well, Fusion IT recently deployed a service called Sophos Phish Threat on its own network to see how cyber security aware its Users are, and continue to be, on a daily basis. The results were interesting, but I am pleased to say, as an ISO27001 Accredited organisation, we passed with flying colours.
To elaborate, Sophos Phish Threat emulates a range of phishing attack types to help identify areas of weakness in an organisation’s security posture, thereby empowering Users through engaging training to strengthen the organisations’ defenses.
What the service essentially does is take you on a journey, or phishing ‘trip’ if you like, with simulated attacks made on your network and Users over several months with a range of over 500 email threat templates.
The SophosLabs analysts monitor millions of emails, URLs, files, and other data points each day for the latest threats and utilise this constant stream of intelligence to maintain relevance and ensure User training covers current phishing tactics, with socially relevant attack simulation templates, covering multiple scenarios. Plus it is translated into 10 languages (so it can be used business with multiple international offices) such as:-
- Traditional Chinese
Once a phishing test has been ‘run’ the results are analysed and used to provide tailored training modules to educate users about specific threats such as suspicious emails, credential harvesting, password strength, and regulatory compliance.
For those running a simulated phishing campaign, the Phish Threat Dashboard provides at-glance campaign results on User susceptibility, and allows you to measure overall risk levels across your entire User group with ‘live’ Aware Factor data including: –
- Top Level Campaign Results
- Organisation trend of caught employees and reporters
- Total Users caught
- Testing coverage
- Days since last campaign
Drill-down Reports can also give deeper insight into security awareness performance at an Organisational or Individual User level.
Plus, the service includes an Outlook add-in providing Users with the ability to report simulated attacks right from the Inbox.
Priced per user with bands from one to 5,000-plus, Sophos Phish Threat’s single license type keeps things simple, with unlimited tests per user, so you can focus on protecting your Users – and business – safe from today’s advanced phishing attacks.
Please give us a call on 0333 241 4123 or email [email protected] if you would like engage this service or discuss further.