Testing Your Phishing Preparedness

Email phishing has become a big business and one of the most used and most successful attack vectors. Chances are if you ask around your company, most people know what email phishing is; however, most users don’t understand the various forms phishing can take. It isn’t just about clicking on an attachment anymore, as many phishing attacks don’t even have files attached or links associated with them. With 40,000 new variants of malware being developed every day, detecting an email attack requires constant vigilance.

Since email is the predominant communications vehicle in most companies, it’s easy for email security policy enforcement to become lax. But estimates are that over 80% of a company’s intellectual property flows through their email systems. Given this intellectual property exposure, along with the liability of customer and financial data, it’s easy to see how organizations are exposed to a lot of damage.

Most users aren’t malicious, of course, but can nonetheless bring devastation to the company through their actions. For instance, an errant action could facilitate a ransomware attack resulting in dire financial and reputational impact.  In today’s fast-paced and customer service-driven business models, employees are expected to respond quickly to requests. Cybercriminals know this, and it’s why phishing emails often convey a sense of urgency.

So, what’s a company to do? Have someone from IT deliver presentations? Sure, education is a crucial step and should be part of any security plan. But, what’s important is to make sure the education sticks. Researchers have found that immediately after a ten-minute presentation, listeners only recalled 50% of what was said. By the next day, the information retention rate had dropped to 25%, and a week later, it was only 5%. Contrast these retention rates to those of experiential learning – doing the task – and retention rates soar to as much as 90%. [1]

Benefits of Phishing Attack Simulation

But, how do you experience a phishing attack without actually suffering a phishing attack?  That’s where SilverSky comes in. SilverSky offers a professional service where our cybersecurity experts execute a phishing attack against users in your company to test their susceptibility to being phished. The whole process takes about a week and begins by scoping the attack. As we collaboratively structure the test, many clients choose specific users in specific roles or locations. From there, we determine the right template to use to seem realistic to the user, but still have the telltale signs that it might be a phishing attempt. We then execute the attack and monitor the users’ responses. The results of the test are documented in a complete report along with recommendations. We then work to educate your users on the outcomes and what they can do to be better prepared.

From a compliance standpoint, going through this test will help you establish a baseline for your susceptibility to phishing attacks and document your efforts. It’s essential to do these tests periodically so that you can set your trend line and prove your improvement to your auditors.

A final key consideration is that with many users working from remote workspaces, the combination of working remotely with ad-hoc devices and connectivity may make users more susceptible to a phishing attack. Furthermore, the unsettling nature of the COVID-19 pandemic may induce users to drop their guard more frequently than if they were in their typical work environment.

Email may be the most exposed part of your IT infrastructure, so it’s essential to take positive, proactive steps to ensure the safety of your company and your users. Experiential learning will be a great strategy to mitigate the risk and improve your cybersecurity maturity.

If you’d like SilverSky to help, contact us at 1-800-234-2175 or learn@silversky.com.

 

Sources:

1. “3 Reasons That Experiential Learning Boosts Performance,” Phil Geldart, Entrepreneur, April 12, 2017
