Phishing is the practice where cybercriminals email employees asking them to perform a certain action, e.g., clicking on a malicious link which installs software and allows an attacker to gain access to sensitive data or take control of the system. To protect an organization against phishing, employees need to understand how cybercriminals work. A common attack vector is to spoof the email address of the sender, e.g., pretending to be a trusted colleague. Employees tend to fall for this trick because it is common human behaviour to help others in need, which the attackers take advantage of.
How can E Secure 360 help?
To quantify the risk of phishing within your organization, it is necessary to measure employee behaviour in a privacy-preserving and ethical manner. We provide the means to measure employee behaviour through customized simulated phishing attacks.
The awareness is reinforced by a follow-up e-learning module on phishing. With the E Secure 360 phishing awareness campaign, employees are trained and assessed with periodic simulated attacks. These campaigns help educate employees on real-time scenarios and complement existing security workshops.
E Secure 360 Approach
Our comprehensive approach starts with an awareness campaign and is followed up with the following actions:
1. Phishing Campaign
Before the test begins, E Secure 360 works with the organization on the necessary preparation, such as how to deal with a higher volume on the IT services, informing the help desk so it can handle potential employee reactions, and deciding on the right phishing scenario. When testing starts, E Secure 360 sends the crafted phishing e-mails to the (targeted) employees and measures a few parameters, such as how many employees click the malicious link, at what time the links were opened, what type of information the employees disclosed, and the success rates among departments or business units. If the test is part of a recurring service, E Secure 360 can also provide trends between tests, so the organization can determine the effectiveness of its awareness campaigns. The infrastructure for executing the phishing tests is internal; it assures the privacy of the shared information, and the link between the employee and the results is preserved.
After the test, the employees can be informed about the results and what can be learned from these actions. As part of this feedback, E Secure 360 has also developed an e-learning module that includes a final online exam. The e-learning provides insight into the threats, educates employees on how to (re)act during an actual attack, and improves the overall security awareness of the employee.
3. Monitoring Improvements
The final step in the process is making the test results measurable and presenting them after they have been anonymized. We regularly track the results and monitor the awareness level. In addition, the results can be used as input for consecutive phishing tests. E Secure 360 offers a dashboard with statistics on the awareness level with regard to phishing within your organization. The statistics not only offer insight into the progress within your own organization but also allow you to see how your organization is doing in comparison to peers.