90% OF ALL ATTACKS ORIGINATE FROM A PHISHING EMAIL
Phishing occurs when a malicious individual attempts to trick unsuspecting victims into sharing confidential information such as passwords, account details and financial information.
Attackers are becoming increasingly proficient at extracting your sensitive information, using methods such as pretending to be a legitimate contact and convincing their target to open a spam email, click on a dangerous link or got to a fake website.
The Importance Of Educating Your Workforce About Phishing Threats
Personalised To Your Business – An effective Phishing Assessment has to look believable to its targets – your employees. Our consultants utilise open source research coupled with knowledge of your organisation and the latest attacks targeted at your industry.
Measure Your Awareness – Our Phishing Assessments are designed to measure the level of awareness of this type of attack within your workforce. We find the best way to go about this is to perform an initial Phishing Assessment to gain an understanding of the level of knowledge within your team and then tailor our training accordingly. Once the training has been completed we find it useful to perform a follow up Phishing Assessment to gauge the effectiveness of the training.
No Pointing The Finger – Our goal is not to point the finger or ridicule anyone. The vast majority of all cyber attacks originate from Phishing and our intention is only to increase awareness of these attacks and educate more people on how to effectively defend against them.
Your employees are your first line of defence against phishing threats and it is crucial that they understand not only how they could be targeted, but what to do in the event they receive a suspicious looking email.
Open source research.
Our knowledge of your business.
The latest attacks targeted at your industry.
The campaign will be carried out over a 4 week period and consist of multiple emails.
Throughout the course of the campaign, our consultants will vary the realism of the test emails and the domain names used.
This will replicate the difference in skill attackers have and the various abilities they use.
Also, using this approach will subject your employees to a broad range of phishing threats.
Upon failure to identify a phishing email, staff will be presented with a short educational message such as a training video or webpage.
This will be tied to the phishing threat they have failed to spot and will help them to identify and correctly suppress that type of threat in the future.
Our consultants will conduct a test email phishing campaign, tailored to your organisation and based on the following:
Monitoring & Reporting
Our consultants will actively monitor and report on the following metrics throughout the phishing exercise:
Opened phishing emails, and potentially malicious links clicked/ attachments downloaded.
Geographical location of the user opening the email to identify access in non-typical locations.
Out-of-date browsers and plugins, identifying potentially vulnerable users.
Network endpoints vulnerable to data-exfiltration and firewall misconfiguration.
Users who are subject to phishing emails but have failed to complete follow-up training.
Reductions in the number of successful phishing emails.
At the end of the campaign, our consultants will generate a comprehensive report based on the metrics above, which will provide an analysis of your current cyber maturity, and produce recommendations to help you increase this.