Story image

Sophos unveils new phishing attack simulation solution

15 Mar 2018

​Many experts are in agreement when it comes to phishing.

It is likely one of the most frequent, persistent and potentially harmful forms of cyberattack that organisations face today. In fact, research from Freeform Dynamics found that 41 percent of organisations see a phishing attack on a daily basis.

Sophos says phishing remains an easy access route into organisations for today’s ransomware payloads and data breaches, which means employee training remains critical to maintaining effective security.

In light of this, Sophos has announced the expansion of its Sophos Phish Threat phishing attack simulator and training solution to Europe and Asia. The expansion comes with enhanced dashboards and new analytics to track organisational risk and employee performance and aims to simplify a key part of an organisation’s security strategy – employee awareness.

"Human behaviour is a critical element of cyber security yet 62 percent of companies don’t train employees to recognise phishing attempts," says Sophos senior vice president Bill Lucchini.

"SophosLabs sees malware on up to 77 percent of blocked mail. Creating a culture of security and data protection awareness has risen in priority with the greater risk of email borne ransomware and the planned introduction of new legislation such as GDPR.”

According to Luccchini, Sophos Phish Threat automates the entire training process and provides visual analytics to identify vulnerable employees. An added benefit of the platform is that it can be managed alongside email, endpoint, and network security from one console for improved, risk management and incident response.

“Employees have to be responsible for the way they handle data and how to spot a phishing attack should be part of their training,” says Lucchini.

“Phish Threat builds greater employee awareness by creating suspicious emails using known techniques, successful spoofs, and contemporary examples. In fact, after just four Phish Threat simulation training emails, the average organisation reports a 31 percent reduction in employee susceptibility.”

Sophos says that with its Phish Threat platform, IT managers are able to identify susceptible employees and manage relevant real-world phishing email simulations to deliver more effective training sessions from within Sophos Central.

Attack templates and training are available  in nine languages and constantly updated based on current phishing threats. When errors are made, individuals are automatically given corrective training to learn from their mistakes.

Phish Threat also provides the analytics and reporting metrics to allow tracking and measurement of overall business risk and security posture at an organisation or individual level.

Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.