Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service


www.secdata.com


WHAT IS PHISHING?

Phishing (noun)

The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.


WE’RE ALL ON THE HOOK

Phishing costs the UK £278 million annually

Only 1 in 5 emails are genuine

450,000 phishing attacks in 2013 worldwide; 31% targeted the UK

Today, phishing attacks are more frequent, more damaging…

720 brands known to be targeted by phishing in 2013

$5.9 billion – the global cost of phishing last year


WE’RE ALL ON THE HOOK

…and more sophisticated:

MORE TARGETED: Social media has handed personalised information to scammers.

“Spear-phishing” with personalised attacks is simple to do based on friends, known purchases, etc.

MORE VECTORS: Attacks can come from anywhere.

Phishing attacks have been delivered through instant messaging, mobile apps, social networks, online marketplaces and even SMS text messaging.

MORE TRUST: Users increasingly rely on online brands.

Cyber criminals exploit trusted brands by creating fake emails that are very difficult to distinguish from the genuine article.


TARGETING THE WEAKEST LINK

People are the weakest link in the security chain.

Phishing is so successful precisely because it targets your users, not your technology.

Users, not technology, create 80% of all IT security breaches

58% of untrained employees will click on phishing emails

91% of targeted attacks now involve spear-phishing emails

You are only as secure as your least security-conscious employee

EDUCATION IS THE BEST DEFENCE

Many technologies can counter phishing attacks, but none are 100% effective.

The best protection is to educate your users on the dangers so they can play an active role in your defence.

Only by understanding how susceptible your users are to phishing can your organisation take action to reduce risk.


PHISHING AS A SERVICE

ASSESS RISK, REDUCE VULNERABILITY

• Simulate an attack to realistically assess your risk

• Identify specific vulnerabilities within your user organisation

• Detailed reports provide a clear view of your organisation's vulnerabilities and how to address them

• Track users over time to identify who requires further training

• Educate your users on the dangers so they can play an active role in your defence

• Teach users about security best practices

• Show users how to protect themselves in specific situations or on certain devices

Launch and monitor simulated phishing attacks on your users

HOW THE SERVICE WORKS

Simulated attacks on the users you select at frequent, but unpredictable intervals

Emails accurately simulate attacks, e.g. they redirect users to custom-built fake login screens

Victims are taken to pages that explain their mistake and how to better protect themselves

Detailed reporting: how many users clicked on phishing emails, opened links or submitted information

Visibility into where to apply additional training is the bedrock of making your organisation more resistant to phishing

FEATURES AND BENEFITS

FEATURES

• Easy to deploy service - no hardware or software needed

• Total control over the length, duration and targets of the simulated phishing campaign

• Victims of the simulated attack receive notification pages educating them on security best practice

• Detailed reports on business impact

• Easily monitor your organisation’s risk over time

BENEFITS

• Harden your business against Phishing and reduce risk

• Maximise security spend on educating user security defences

• Identify where to invest in further security training or new security solutions

• Protect yourself quickly through a rapidly deployed service

• Practical demonstrations of phishing are proven to impact behaviour over training and policy information


IN SUMMARY – IT WORKS

80% of users are less likely to fall victim to a future attack after training

Employees that click on phishing emails can be reduced to just 2%

Questions?

Etienne [email protected]

+44 1622 723400

www.secdata.com