SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Sophos unveils new phishing attack simulation solution
Thu, 15th Mar 2018
FYI, this story is more than a year old

​Many experts are in agreement when it comes to phishing.

It is likely one of the most frequent, persistent and potentially harmful forms of cyberattack that organisations face today. In fact, research from Freeform Dynamics found that 41 percent of organisations see a phishing attack on a daily basis.

Sophos says phishing remains an easy access route into organisations for today's ransomware payloads and data breaches, which means employee training remains critical to maintaining effective security.

In light of this, Sophos has announced the expansion of its Sophos Phish Threat phishing attack simulator and training solution to Europe and Asia. The expansion comes with enhanced dashboards and new analytics to track organisational risk and employee performance and aims to simplify a key part of an organisation's security strategy – employee awareness.

"Human behaviour is a critical element of cyber security yet 62 percent of companies don't train employees to recognise phishing attempts," says Sophos senior vice president Bill Lucchini.

"SophosLabs sees malware on up to 77 percent of blocked mail. Creating a culture of security and data protection awareness has risen in priority with the greater risk of email borne ransomware and the planned introduction of new legislation such as GDPR.

According to Luccchini, Sophos Phish Threat automates the entire training process and provides visual analytics to identify vulnerable employees. An added benefit of the platform is that it can be managed alongside email, endpoint, and network security from one console for improved, risk management and incident response.

“Employees have to be responsible for the way they handle data and how to spot a phishing attack should be part of their training,” says Lucchini.

“Phish Threat builds greater employee awareness by creating suspicious emails using known techniques, successful spoofs, and contemporary examples. In fact, after just four Phish Threat simulation training emails, the average organisation reports a 31 percent reduction in employee susceptibility.

Sophos says that with its Phish Threat platform, IT managers are able to identify susceptible employees and manage relevant real-world phishing email simulations to deliver more effective training sessions from within Sophos Central.

Attack templates and training are available  in nine languages and constantly updated based on current phishing threats. When errors are made, individuals are automatically given corrective training to learn from their mistakes.

Phish Threat also provides the analytics and reporting metrics to allow tracking and measurement of overall business risk and security posture at an organisation or individual level.