Sophos Phish Threat
Are You Protected?
“87% of Australian businesses have identified phishing emails coming into their organisation, with 65% being impacted by a ransomware attack.” – Sophos
Ransomware is a widespread and damaging type of malware typically used to extort money from businesses and home users by encrypting their files.
Your business’s productivity and reputation can be severely impacted by an attack, often with crippling financial costs and downtime.
One popular method hitting Australian businesses hard is phishing – making up over 90% of all ransomware.
What is phishing?
Phishing is any attempt to bait a user into performing an action such as:
• opening an email attachment;
• clicking a link;
• transferring a confidential email;
• transferring funds
Most employees are savvy enough to understand that a Zimbabwean King isn’t likely to share their inheritance with the first 50 people to email them back, but they might be encouraged to update their billing information on their Netflix account, or PayPal details, or pay a Telstra bill originating from an email.
People are now six times more likely to click on a phishing email than a genuine one.
Types of phishing
These attacks are largely opportunistic, taking advantage of a company’s brand name to try to lure their customers to spoofed sites where they are tricked into parting with credit card information, login credentials, and other personal information that will later be resold for financial gain.
- Targeting the assets of individuals
- Typically consumers of a brand’s products or services
- Focussed on stealing personal data, such as login credentials
Spear phishing schemes are emails impersonating a specific sender or trusted source sent to targeted individuals within organisations to try to get them to take certain actions, like sending money to spurious accounts.
- Targeting the assets of a specific organisation
- Typically an individual or specific group in an organisation
- Spoofed (lookalike) email addresses to aid conversion
- Impersonates trusted sources and senior executives
How susceptible are your staff?
INS Consulting uses Sophos Phish Threat to send automated attack simulations to your staff. The simulations let you identify how many of your staff members are opening fraudulent emails and how far along the process they go in handing over personal or corporate information. The results allow you to pinpoint users so that you can specifically target education and training, and generate actionable reporting metrics.
INS Consulting can help:
Information security is only as secure as your weakest link
Phish Threat emulates basic and advanced phishing attacks to help you identify areas of weakness in your organisation’s security posture.
Easy campaign generation
Simulate phishing, credential harvesting, or malware attacks in a few clicks. You’ll be up and running in minutes with constantly updated and socially relevant templates. Campaigns can be distributed broadly or targeted at specific teams in your organisation like HR, Finance, and other departments.
Effective training modules
Training modules are designed to educate users about specific threats such as suspicious emails, credential harvesting, password strength, and regulatory compliance. Your end users will find them informative and engaging, while you’ll enjoy peace of mind when it comes to future real-world attacks.
The Phish Threat dashboard reports on results by company, department, and individual users, providing your entire IT organisation with insight into individual performance and company-wide security posture alike.
Watch this short video to learn more about phishing – and how to stop it.
To find out more and to access free resources to help you educate your users on the dangers of phishing, visit www.sophos.com/phishing.
Click here to get in touch with us to talk about protecting your organisation. Using a combination of targeted user training and email and web protection, INS Consulting will help safeguard your business against the next frontier of ransomware.