Story image

Sophos unveils new phishing attack simulation solution

15 Mar 2018

​Many experts are in agreement when it comes to phishing.

It is likely one of the most frequent, persistent and potentially harmful forms of cyberattack that organisations face today. In fact, research from Freeform Dynamics found that 41 percent of organisations see a phishing attack on a daily basis.

Sophos says phishing remains an easy access route into organisations for today’s ransomware payloads and data breaches, which means employee training remains critical to maintaining effective security.

In light of this, Sophos has announced the expansion of its Sophos Phish Threat phishing attack simulator and training solution to Europe and Asia. The expansion comes with enhanced dashboards and new analytics to track organisational risk and employee performance and aims to simplify a key part of an organisation’s security strategy – employee awareness.

"Human behaviour is a critical element of cyber security yet 62 percent of companies don’t train employees to recognise phishing attempts," says Sophos senior vice president Bill Lucchini.

"SophosLabs sees malware on up to 77 percent of blocked mail. Creating a culture of security and data protection awareness has risen in priority with the greater risk of email borne ransomware and the planned introduction of new legislation such as GDPR.”

According to Luccchini, Sophos Phish Threat automates the entire training process and provides visual analytics to identify vulnerable employees. An added benefit of the platform is that it can be managed alongside email, endpoint, and network security from one console for improved, risk management and incident response.

“Employees have to be responsible for the way they handle data and how to spot a phishing attack should be part of their training,” says Lucchini.

“Phish Threat builds greater employee awareness by creating suspicious emails using known techniques, successful spoofs, and contemporary examples. In fact, after just four Phish Threat simulation training emails, the average organisation reports a 31 percent reduction in employee susceptibility.”

Sophos says that with its Phish Threat platform, IT managers are able to identify susceptible employees and manage relevant real-world phishing email simulations to deliver more effective training sessions from within Sophos Central.

Attack templates and training are available  in nine languages and constantly updated based on current phishing threats. When errors are made, individuals are automatically given corrective training to learn from their mistakes.

Phish Threat also provides the analytics and reporting metrics to allow tracking and measurement of overall business risk and security posture at an organisation or individual level.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.