Story image

Sophos unveils new phishing attack simulation solution

15 Mar 2018

​Many experts are in agreement when it comes to phishing.

It is likely one of the most frequent, persistent and potentially harmful forms of cyberattack that organisations face today. In fact, research from Freeform Dynamics found that 41 percent of organisations see a phishing attack on a daily basis.

Sophos says phishing remains an easy access route into organisations for today’s ransomware payloads and data breaches, which means employee training remains critical to maintaining effective security.

In light of this, Sophos has announced the expansion of its Sophos Phish Threat phishing attack simulator and training solution to Europe and Asia. The expansion comes with enhanced dashboards and new analytics to track organisational risk and employee performance and aims to simplify a key part of an organisation’s security strategy – employee awareness.

"Human behaviour is a critical element of cyber security yet 62 percent of companies don’t train employees to recognise phishing attempts," says Sophos senior vice president Bill Lucchini.

"SophosLabs sees malware on up to 77 percent of blocked mail. Creating a culture of security and data protection awareness has risen in priority with the greater risk of email borne ransomware and the planned introduction of new legislation such as GDPR.”

According to Luccchini, Sophos Phish Threat automates the entire training process and provides visual analytics to identify vulnerable employees. An added benefit of the platform is that it can be managed alongside email, endpoint, and network security from one console for improved, risk management and incident response.

“Employees have to be responsible for the way they handle data and how to spot a phishing attack should be part of their training,” says Lucchini.

“Phish Threat builds greater employee awareness by creating suspicious emails using known techniques, successful spoofs, and contemporary examples. In fact, after just four Phish Threat simulation training emails, the average organisation reports a 31 percent reduction in employee susceptibility.”

Sophos says that with its Phish Threat platform, IT managers are able to identify susceptible employees and manage relevant real-world phishing email simulations to deliver more effective training sessions from within Sophos Central.

Attack templates and training are available  in nine languages and constantly updated based on current phishing threats. When errors are made, individuals are automatically given corrective training to learn from their mistakes.

Phish Threat also provides the analytics and reporting metrics to allow tracking and measurement of overall business risk and security posture at an organisation or individual level.

IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.