The good news and the bad news about phishing attacks are the same: employees can be an enterprise’s weakest link or its strongest first line of defense. Yes, we are talking about inboxes, human nature and the growing number of increasingly sophisticated phishing attacks.
The Federal Bureau of Investigation reported that phishing attacks were linked to a majority of U.S.-based cybercrimes in 2020, responsible for 241,342 complaints and tied to $54 million in losses. Over 90 percent of malware slips past poorly protected corporate firewalls via email, and nearly 30 percent of security breaches are linked to an evolving variety of complex phishing attacks, including spear phishing, HTTPS phishing, angler phishing, pharming and clone phishing.
Thwart Phishing with Employee Awareness and Training
Employee awareness of phishing attack trends is vital to protect a company’s digital crown jewels. Recent stats on “think before you click” educational campaigns show cyber readiness pays off for companies. Verizon’s 2021 Data Breach Investigations Report confirmed anti-phishing training is effective and reduced, by double-digit percentage points, the number of times employees click on malicious inbox messages.
Corporate anti-phishing awareness can include training sessions and how-to-spot exercises. However, those only begin to help IT security teams identify risk and determine training effectiveness. That has pushed companies such as Trend Micro to deliver more complete anti-phishing efforts, which include simulated phishing attacks and ways to measure and reinforce employee awareness.
Real-Life Training with an Effective Phishing Attack Simulation
Trend Micro’s Cyber Security Awareness platform, called Phish Insight, is based on four pillars:
What Gives Trend Micro’s Phish Insight an Edge?
Over 30 years of Trend Micro’s expertise in cybersecurity and a daily awareness of real-world threats give Phish Insight an edge. The simulated attacks mirror the tricks used by today’s top threat actors. And with over 200 simulated phish templates (and new ones added monthly), security teams can pick attack types à la carte, ranging from software updates and failed logons to email messages linking to spoofed landing pages. The multitude of options is designed to help expose risk at all staffing and department levels within a company.
Security auditors can also control when simulated phish messages hit inboxes, just like criminals. Campaigns are customizable and can be sprung on staff at the times when employees are most likely to let down their guard, such as during a mid-afternoon slump.
From Email Oblivious to Inbox Watchdogs
Phish Insight’s Software-as-a-Service platform is turnkey, providing a single dashboard for launching campaigns and for monitoring and understanding employee security soft spots. For example, once users are identified as “at risk”, the platform allows for immediate intervention via educational landing pages or one of over 100 training modules.
Training content is sourced from market-leading cyber-training vendors and the sessions are always fresh, with content designed to match different teams, departments, roles and employee seniority. Once employees are engaged in training sessions, facilitators can track attendance and monitor training effectiveness, as measured against ongoing simulated phishing attacks.
The Phish Insight dashboard keeps score of exactly what was clicked on, and which operating system and browser version were used. The platform can also detect if any sensitive data was shared. Data can be visualized online or downloaded as a spreadsheet-friendly .CSV file.
Free-to-Try Trend Micro Phish Insight
Phish Insight is a SaaS offering aimed at enterprise admins and corporate email recipients. Its purpose is to raise employees’ security awareness so they can protect themselves and their company from internet fraud, phishing and other cyber security threats.
The platform is capable of synchronizing with a company’s Active Directory, allowing for easy deployment and management.
You can get started with Trend Micro’s Phish Insight for free. Trend Micro offers Standard and Premium levels of service aimed at smaller enterprises (with up to five domains) and large enterprises (with up to 15 domains).