Story image

Sophos unveils new phishing attack simulation solution

15 Mar 18

​Many experts are in agreement when it comes to phishing.

It is likely one of the most frequent, persistent and potentially harmful forms of cyberattack that organisations face today. In fact, research from Freeform Dynamics found that 41 percent of organisations see a phishing attack on a daily basis.

Sophos says phishing remains an easy access route into organisations for today’s ransomware payloads and data breaches, which means employee training remains critical to maintaining effective security.

In light of this, Sophos has announced the expansion of its Sophos Phish Threat phishing attack simulator and training solution to Europe and Asia. The expansion comes with enhanced dashboards and new analytics to track organisational risk and employee performance and aims to simplify a key part of an organisation’s security strategy – employee awareness.

"Human behaviour is a critical element of cyber security yet 62 percent of companies don’t train employees to recognise phishing attempts," says Sophos senior vice president Bill Lucchini.

"SophosLabs sees malware on up to 77 percent of blocked mail. Creating a culture of security and data protection awareness has risen in priority with the greater risk of email borne ransomware and the planned introduction of new legislation such as GDPR.”

According to Luccchini, Sophos Phish Threat automates the entire training process and provides visual analytics to identify vulnerable employees. An added benefit of the platform is that it can be managed alongside email, endpoint, and network security from one console for improved, risk management and incident response.

“Employees have to be responsible for the way they handle data and how to spot a phishing attack should be part of their training,” says Lucchini.

“Phish Threat builds greater employee awareness by creating suspicious emails using known techniques, successful spoofs, and contemporary examples. In fact, after just four Phish Threat simulation training emails, the average organisation reports a 31 percent reduction in employee susceptibility.”

Sophos says that with its Phish Threat platform, IT managers are able to identify susceptible employees and manage relevant real-world phishing email simulations to deliver more effective training sessions from within Sophos Central.

Attack templates and training are available  in nine languages and constantly updated based on current phishing threats. When errors are made, individuals are automatically given corrective training to learn from their mistakes.

Phish Threat also provides the analytics and reporting metrics to allow tracking and measurement of overall business risk and security posture at an organisation or individual level.

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.