Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
securedata-europe
EDUCATE YOUR USERS NOT TO TAKE THE BAIT:
INTRODUCTION TO PHISHING AS A SERVICE
www.secdata.com
WHAT IS PHISHING?
Phishing (noun)
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.
WE’RE ALL ON THE HOOK
Today, phishing attacks are more frequent, more damaging…
Phishing costs the UK £278 million annually
Only 1 in 5 emails are genuine
450,000 phishing attacks in 2013 worldwide; 31% targeted the UK
720 brands known to be targeted by phishing in 2013
$5.9 billion – the global cost of phishing last year
WE’RE ALL ON THE HOOK
…and more sophisticated:
MORE TARGETED: Social media has handed personalised information to scammers.
“Spear-phishing” with personalised attacks is simple to do based on friends, known purchases, etc.
MORE VECTORS: Attacks can come from anywhere.
Phishing attacks have been delivered through instant messaging, mobile apps, social networks, online marketplaces and even SMS text messaging.
MORE TRUST: Users increasingly rely on online brands.
Cyber criminals exploit trusted brands by creating fake emails that are very difficult to distinguish from the genuine article.
TARGETING THE WEAKEST LINK
People are the weakest link in the security chain.
Phishing is so successful precisely because it targets your users, not your technology.
Users, not technology, create 80% of all IT security breaches
58% of untrained employees will click on phishing emails
91% of targeted attacks now involve spear-phishing emails
You are only as secure as your least security conscious employee
EDUCATION IS THE BEST DEFENCE
Many technologies can counter phishing attacks, but none are 100% effective.
The best protection is to educate your users on the dangers so they can play an active role in your defence.
Only by understanding how susceptible your users are to phishing can your organisation take action to reduce risk.
PHISHING AS A SERVICE
Phishing as a Service
ASSESS RISK
• Simulate an attack to realistically assess your risk
• Identify specific vulnerabilities within your user organisation
• Detailed reports provide a clear view of your organisation's vulnerabilities and how to address them
REDUCE VULNERABILITY
• Track users over time to identify who requires further training
• Educate your users on the dangers so they can play an active role in your defence
• Teach users about security best practices
• Show users how to protect themselves in specific situations or on certain devices
Launch and monitor simulated phishing attacks on your users
HOW THE SERVICE WORKS
Simulated attacks on the users you select at frequent, but unpredictable intervals
Emails accurately simulate attacks, e.g. they redirect users to custom-built fake login screens
Victims are taken to pages that explain their mistake and how to better protect themselves
Detailed reporting: how many users clicked on phishing emails, opened links or submitted information
Visibility into where to apply additional training is the bedrock of making your organisation more resistant to phishing
FEATURES AND BENEFITS
FEATURES
• Easy to deploy service - no hardware or software needed
• Total control over the length, duration and targets of the simulated phishing campaign
• Victims of the simulated attack receive notification pages educating them on security best practice
• Detailed reports on business impact
• Easily monitor your organisation’s risk over time
BENEFITS
• Harden your business against Phishing and reduce risk
• Maximise security spend on educating user security defences
• Identify where to invest in further security training or new security solutions
• Protect yourself quickly through a rapidly deployed service
• Practical demonstrations of phishing are proven to impact behaviour over training and policy information
IN SUMMARY – IT WORKS
80% of users are less likely to fall victim to a future attack after training
Employees that click on phishing emails can be reduced to just 2%