Not a week goes by where we don’t see a headline in the press mentioning something along the lines of “sophisticated phishing attack” or “new phishing attack approach”. As long as we embed technological innovations into our processes and increasingly rely on them, malicious individuals are continually improving their approaches and looking for weaknesses to exploit.
There are plenty of basic phishing campaign platforms which provide templated phishing campaigns. These generally include standardised emails which are sent to every employee within your business. Whilst these are good for providing basic awareness of phishing threats, they don’t account for the more sophisticated spear phishing threats where an attacker has extensively researched your organisation and the attacks are not filled with obvious red flags, making them easy to identify and contain.
Basic, templated Phishing Assessments fail to take into account the vast number of approaches a cyber criminal could use to attack your organisation. They also fail to recognise that each member of your team has different levels of technical skill, awareness and knowledge when it comes to phishing threats. Therefore, tailoring Phishing Assessments to varying levels of technical skill and awareness enables you to raise overall awareness throughout your organisation.
To ensure we’re providing our clients with realistic scenarios in our tailored Phishing Assessments. We keep track of all the latest scams in the media, in crime reports and on the dark web. We also monitor attacks directed at our systems and third parties. This ensures that when clients request help in gaining an understanding of the level of their employees' awareness of phishing threats, we can take our knowledge of the approaches threat actors are taking and apply it to our clients' particular situation, sector, sizes, processes and so on.
Recently, a client of ours requested us to make their phishing campaign as difficult as possible because they were aware that threat actors aren’t going to hold back if they want to succeed. As a result of the Phishing Assessment, our client learned that:
Importantly, the point of a phishing assessment is to identify where further education is required. After clicking and entering information, employees at this organisation were provided with training that would enable them to spot phishing campaigns in future and how best to report to their security team.
Spam filters won’t identify every phishing email that comes through. Cyber criminals are spending more and more time crafting their approach to increase the success rate of their attacks. Your employees are your last line of defence, so they need to be equipped to manage the risk, which involves being able to:
Do you know how your people would deal with a phishing email? Get reassurance that they will take the right actions and you are helping them to help you and themselves at work and at home.
If you do think you have been the victim of a phishing attack or would like to speak to one of our specialists about protecting your organisation against cyber threats, please get in touch to speak to one of our specialists.
This article was published in partnership with our cyber security partner PGI.
© SES Secure Limited and ses-escrow.co.uk, 2021. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.