Sophos Phish Threat

Are You Protected?

“87% of Australian businesses have identified phishing emails coming into their organisation, with 65% being impacted by a ransomware attack.” – Sophos

Ransomware is a widespread and damaging type of malware typically used to extort money from businesses and home users by encrypting their files.

Your business’s productivity and reputation can be severely impacted by an attack, often with crippling financial costs and downtime.

One popular method hitting Australian businesses hard is phishing – making up over 90% of all ransomware.

What is phishing?

Phishing is any attempt to bait a user into performing an action such as:

• opening an email attachment;
• clicking a link;
• transferring a confidential email;
• transferring funds.

Examples
Most employees are savvy enough to understand that a Zimbabwean King isn’t likely to share their inheritance with the first 50 people to email them back, but they might be encouraged to update their billing information on their Netflix account, or PayPal details, or pay a Telstra bill originating from an email.

People are now six times more likely to click on a phishing email than a genuine one.

Types of phishing

Mass phishing
These attacks are largely opportunistic, taking advantage of a company’s brand name to try and lure their customers to spoofed sites where they are tricked into parting with credit card information, login credentials, and other personal information that will be later resold for financial gain.

  • Targeting the assets of individuals
  • Typically consumers of a brand’s products or services
  • Focussed on stealing personal data, such as login credentials

Spear phishing
Spear phishing schemes are emails impersonating a specific sender or trusted source sent to targeted individuals within organisations to try to get them to take certain actions, like sending money to spurious accounts.

  • Targeting the assets of a specific organisation
  • Typically an individual or specific group in an organisation
  • Spoofed (lookalike) email addresses to aid conversion
  • Impersonates trusted sources and senior executives

How susceptible are your staff?

INS Consulting uses Sophos Phish Threat to send automated attack simulations to your staff. Simulations from Sophos Phish Threat then allow you to identify how many of your staff members are opening fraudulent emails and how far along the process they go with personal or corporate information. The results of the simulations allow you to pinpoint users so that you can specifically target education and training and generate actionable reporting metrics.

INS Consulting can help.

Information security is only as secure as your weakest link

Phish Threat emulates basic and advanced phishing attacks to help you identify areas of weakness in your organisation’s security posture.

Easy campaign generation
Simulate phishing, credential harvesting, or malware attacks in a few clicks. You’ll be up and running in minutes with constantly updated and socially relevant templates. Campaigns can be distributed broadly or targeted at specific teams in your organisation like HR, Finance, and other departments.

Effective training modules
Training modules are designed to educate about specific threats such as suspicious emails, credential harvesting, password strength, and regulatory compliance. Your end users will find them informative and engaging, while you’ll enjoy peace of mind when it comes to future real-world attacks.

Comprehensive reporting
The Phish Threat dashboard reports on results by company, department, and individual users, providing your entire IT organisation with insight into individual performance and company-wide security posture alike.


To find out more and to access free resources to help you educate your users on the dangers of phishing, visit www.sophos.com/phishing.

Get in touch with us to talk about protecting your organisation. Using a combination of targeted user training and email and web protection, INS Consulting will help safeguard your business against the next frontier of ransomware.

“INS provides prompt and attentive IT support for all our offices across Australia and New Zealand. They redesigned our IT systems which reduced our IT costs significantly. They have also really stepped up our security practices. I would gladly recommend them to anyone who was looking to do the same.”

Stuart, Chief Financial Officer, providing commercial cleaning services to Australia and New Zealand

Contact us to discuss your IT requirements