Phishing poses a significant threat to your business with over 90% of successful data breaches beginning with a maliciously crafted email. It's not surprising that employees really are the weak link in your organisation's security posture. It is key that you protect your employees and organisation from the ever-evolving and complex world of social engineering threats.
Gone are the days where phishing attacks were easy to spot. As technology, knowledge and awareness has developed, so has the sophistication of social engineering and their popularity with cyber criminals. Phishing attacks now commonly appear as though they are from legitimate sources, and any member of staff at any level, including c-suite, can fall victim to them.
You can mitigate against this risk with social engineering training, incorporating phishing as a service, keeping employees on their toes and ensuring security is always top priority. Our Social Engineering Eraining platform, delivered in partnership with a Gartner Magic Quadrant cyber security company, includes security awareness training and simulated phishing attacks allowing you to identify employees most at risk.
How does Phishing as a Service work?
The platform provides you with thousands of templates developed by cyber security professionals, which you can use to set up automated campaigns to groups or individual employees. Campaigns can be set up in a matter of minutes so you can easily target each group or employee differently, based on their level and job function providing an individual dynamic risk score over time.
Identifying employees who are susceptible allows you to then plan tailored security awareness training programme.
Security Awareness Training
Gain access to the world's largest library of security awareness videos to educate your employees. With various formats available; interactive modules, videos, games, posters and newsletters, there is something to engage every demographic in your organisation.
The platform allows you to automatically tailor training to the skills, experience and risks posed by individual employees and teams. Based on the results of previous training and the real time results from the phishing as a service aspect of the platform.
What is Social Engineering?
Social engineering uses psychological manipulation into tricking people into divulging confidential information or access to funds. It includes:
- Simulated Phishing, the sending electronic communications pretending to be a trustworthy source in order to obtain sensitive information.
- CEO Fraud, a specific type of spear-phishing where criminals impersonate your CEO
- Ransomware, typically spread through phishing emails a malicious type of software designed to deny access to a computer
Phishing as a Service
What are the main types of Phishing?
- Phishing: Attempting to obtain sensitive information through generic impersonation, malware or social engineering attempts
- Spear Phishing: Targeted attacks designed to gather personal information on the target
- Vishing: Voicemail or telephone phishing
- Smishing: SMS targeting users or users' phones directly
- Whaling: CEO-fraud, deliberately targeting senior executives in order to disclose sensitive information
What is an insider threat?
Insider threats are threats posed to your organisation by its employees, contractors and leadership. Classically this has been focussed on disgruntled employees or those leveraged by blackmail. All personnel, however, are vulnerable to social engineering attacks that compromise their logins, install malware on their machines or trick them into behaviour that enables further attacks.
What is Ransomware?
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. It typically spreads through phishing emails or by unknowingly visiting an infected website. It can be devastating for an individual or an organisation, often resulting in blackmail to gain control of your computer system or data.
What is pre-texting?
A pretext is a compelling narrative that an attacker may use to build trust with a target, increasing the success of an attempt. It may include research on the individual themselves, their organisation and personal factors such as the attacker's appearance, tone of voice, etc.
Why Security Training?
Phishing | CEO Fraud | Ransomware | Compliance
Your business is under constant attack and so are your employees. Your users are the last line of defence, they need to be trained to say on their toes