Testing Your Phishing Preparedness

Email phishing has become a big business and one of the most used and most successful attack vectors. Chances are if you ask around your company, most people know what email phishing is; however, most users don’t understand the various forms phishing can take. It isn’t just about clicking on an attachment anymore, as many phishing attacks don’t even have files attached or links associated with them. With 40,000 new variants of malware being developed every day, detecting an email attack requires constant vigilance.

Since email is the predominant communications vehicle in most companies, it’s easy for email security policy enforcement to become lax. But estimates are that over 80% of a company’s intellectual property flows through its email systems. Given this intellectual property exposure, along with the liability of customer and financial data, it’s easy to see how organizations are exposed to a lot of damage.

Most users aren’t malicious, of course, but can nonetheless bring devastation to the company through their actions. For instance, an errant action could facilitate a ransomware attack resulting in dire financial and reputational impact.  In today’s fast-paced and customer service-driven business models, employees are expected to respond quickly to requests. Cybercriminals know this, and it’s why phishing emails often convey a sense of urgency.

So, what’s a company to do? Have someone from IT deliver presentations? Sure, education is a crucial step and should be part of any security plan. But what’s important is to make sure the education sticks. Researchers have found that immediately after a ten-minute presentation, listeners only recalled 50% of what was said. By the next day, the information retention rate had dropped to 25%, and a week later, it was only 5%. Contrast these retention rates to those of experiential learning – doing the task – and retention rates soar to as much as 90% [1].

Benefits of Phishing Attack Simulation

But, how do you experience a phishing attack without actually suffering a phishing attack?  That’s where SilverSky comes in. SilverSky offers a professional service where our cybersecurity experts execute a phishing attack against users in your company to test their susceptibility to being phished. The whole process takes about a week and begins by scoping the attack. As we collaboratively structure the test, many clients choose specific users in specific roles or locations. From there, we determine the right template to use to seem realistic to the user, but still have the telltale signs that it might be a phishing attempt. We then execute the attack and monitor the users’ responses. The results of the test are documented in a complete report along with recommendations. We then work to educate your users on the outcomes and what they can do to be better prepared.

From a compliance standpoint, going through this test will help you establish a baseline for your susceptibility to phishing attacks and document your efforts. It’s essential to do these tests periodically so that you can set your trend line and prove your improvement to your auditors.

A final key consideration is that with many users working from remote workspaces, the combination of working remotely with ad-hoc devices and connectivity may make users more susceptible to a phishing attack. Furthermore, the unsettling nature of the COVID-19 pandemic may induce users to drop their guard more frequently than if they were in their typical work environment.

Email may be the most exposed part of your IT infrastructure, so it’s essential to take positive, proactive steps to ensure the safety of your company and your users. Experiential learning will be a great strategy to mitigate the risk and improve your cybersecurity maturity.

If you’d like SilverSky to help, contact us at 1-800-234-2175 or learn@silversky.com.

 

Sources:

[1] “3 Reasons That Experiential Learning Boosts Performance,” Phil Geldart, Entrepreneur, April 12, 2017

Todd Lind Editor
Senior Cybersecurity Consultant, SilverSky