2. The Changing Focus of Cyber Attacks
Yesterday: target systems, applications and networks with malicious content
Today: target the weakest link – the employees – with social engineering and deception
6. The threat landscape for phishing
Reported frequency of phishing attacks (330 global IT professionals):
I don't know: 3%
Never: 5%
Infrequently: 15%
Monthly: 6%
Fortnightly: 5%
Weekly: 26%
Daily: 32%
Hourly: 9%
41% OF IT PROS REPORT AT LEAST DAILY PHISHING ATTACKS
62% OF ORGANIZATIONS FAIL TO TEST USER AWARENESS
Source: Phishing Temperature Check, Freeform Dynamics 2017 (for Sophos). Data from 330 global IT professionals.
10. The Solution is Sophos Phish Threat
Simulated attack campaigns and training in 3 easy steps
1. TEST
• Customizable attack templates fed by latest threat intelligence
2. TRAIN
• Range of interactive training courses covering security and compliance topics
3. MEASURE
• Campaign reporting
• Security posture by organization, group or individual
12. 100’s of Customizable Attack Templates
Choice of 9 languages
Realistic simulations powered by global threat intelligence
Library of international templates from beginner to expert
Multiple scenarios and difficulties
Example templates: plain text business updates, Australian Federal Police, Amazon, DVLA, Canada Post, New Zealand Inland Revenue Department, Parcelforce, Apple
Growing library of international content
13. Over 60 Employee Training Modules
Security Topics: Phishing; Credential harvesting; Vishing (phone phishing); Social engineering; Ransomware; Secure social media use; Public Wi-Fi; Malicious attachments; Passwords & passphrases; Two-factor authentication; Principle of least privilege; Physical security and data protection
Compliance Topics: EU General Data Protection Regulation (GDPR); Gramm-Leach-Bliley Act (GLBA); Health Insurance Portability and Accountability Act (HIPAA); Payment Card Industry Data Security Standard (PCI DSS)
Range of video styles
Interactive quiz following each course
Full reporting of course completion
Knowledge checks
Interactive modules
Gamification
14. Gartner Award Winning Training Partnership
• Ninjio awarded Gartner Customer Choice award
• New episode released every month
• Hollywood dramatizations of real-life incidents
22. Synchronized Security: Phish Threat + Email/Endpoint
1. Malicious Email Link Clicked – Q4 CY 2018: a user clicks a risky email link, re-written by Time-of-Click URL Protection
   Endpoint Policy Violated – Q4 CY 2018: a user performs an action that puts the organization at risk from cyber attack
2. Email: Identify at Risk Users – instantly view high-risk users in the Time-of-Click “At Risk Users” report
   Endpoint: Identify at Risk Users – instantly view high-risk users for Malware Downloaders, DLP and Web Policy Violators
3. One Click Enrolment in Training – enroll high risk users directly into Phish Threat phishing simulations and security awareness training in one click.
Security Heartbeat™
24. Phish Threat Highlights
Making phishing simulations and security training effortless
#1 Single License – inclusive per user license keeps decisions simple
#2 No Limits – freedom to run unlimited campaigns
#3 500+ Templates – customizable attacks fed by latest threat intelligence
#4 60+ Courses – range of training covering security and compliance
#5 Full Reporting – measure success by organization, group or individual
#6 Sophos Central – one console, full cybersecurity portfolio
25. Educating Employees Across the Globe
1,000,000 Users
62 Countries
31% Reduction in Employee Susceptibility
For over 30 years Sophos has been delivering innovative, simple, and highly-effective cybersecurity solutions to IT professionals and the channel that serves them.
And we understand that securing organisations today has a lot to do with educating employees about the cyber security threats they face.
Whereas in the past attackers would target systems, applications and networks, today they more often target the weakest link in the organisation – employees – with social engineering and deception.
A lot of IT pros know about the risk from these changes, with 41% in a recent Sophos survey reporting daily phishing attacks.
But they struggle to manage simulated attacks and computer-based training.
When they do, training can often be dull and users struggle to retain the training content.
IT and users need simple and easily accessible solutions.
A staggering 93% of company security breaches are now due to an attack that started with a phishing email.
77% of all spam we receive in SophosLabs is now found to contain a malicious attachment of some kind, including ransomware.
In a recent study carried out for Sophos by Freeform Dynamics and The Register, we found that 41% of businesses are now seeing at least daily phishing attacks.
Here’s why helping users spot the phish is increasingly important, with a worrying 41% of IT pros reporting at least daily phishing attacks on their organization.
The motives behind attacks are split: 59% have a direct financial goal – either through harvesting credentials for resale, infecting systems with ransomware, or impersonating senior managers to convince employees to transfer funds or valuable employee data to them.
And 41% of phishing attacks are motivated by trying to obtain access to a company’s network to steal data, gain control of systems and so on.
So what do the attacks look like to the user, and how are attackers turning these scams into big business?
At a basic level, phishing is really just an attempt to bait a user into performing an action they didn’t intend to:
Whether that’s clicking a malicious link,
Opening an infected attachment,
Or supplying sensitive personal or company data and funds, either through credential harvesting sites or directly via email.
Depending on how sophisticated the scam is, and the resources behind it, they can have substantially different pay-outs, as you’ll see here.
From credential theft, scoring attackers anything from a couple of dollars upwards depending on the access the stolen credentials grant.
This requires very minimal effort from the attacker, with free kits available containing emails and web pages of real brands, and usually sent from free email addresses.
To malware, such as ransomware downloaded from documents or websites – big business, averaging $2.5k per attack, but for you the cost could run into the hundreds of thousands.
It is a relatively quick turnaround for attackers, with ransomware-as-a-service websites available to create malicious payloads for them. And almost half of all victims pay.
And then we have highly targeted account compromise attacks, netting attackers anywhere from thousands to millions in pay-out – pretty much the definition of filthy rich. These use social engineering to impersonate senior executives or trusted suppliers, sending urgent requests that trick employees into carrying out large wire transfers or sending over sensitive information.
This is where Sophos Phish Threat comes in.
Phish Threat is all geared around helping IT teams change user behaviour and reduce organizational risk through regular, real-world phishing simulations, all backed up with security awareness training and reporting to improve awareness – in a few simple steps.
First you pick a phishing attack campaign.
Then pick a security training module that corresponds to that attack and enrol your users.
Then sit back and watch from the dashboard to monitor individual and organizational awareness of the simulated attack, and the improvement over time.
So let’s take a look at Phish Threat to find out more.
A range of customizable campaigns mirror the tactics used in real phishing attacks:
Phishing link campaign – where we are trying to lure a user to click a phishing link.
Credential harvesting – this time we are sending users to a fake credential harvesting website to enter username and password details (don’t worry, we don’t store any data).
Attachment campaigns – where we lure a user to open an attachment that could, in the real world, contain a malware downloader for instance.
And lastly a training-only campaign – no simulated attack this time. You create your own branded email and attach training.
Each campaign style is fully customizable – from attack email, to training landing pages and training reminder emails.
All templates and training are available in a choice of nine languages:
English
French
German
Italian
Spanish
Portuguese
Korean
Traditional Chinese
Japanese
Campaign selection
We start off here at the New campaign page in Sophos Central, and after giving our campaign a name we have four options for the type of campaign you’d like to build for your end users:
Here you can choose between phishing link campaigns;
Credential harvesting, where we’ll lure users to a fake web page to enter details (don’t worry, we don’t store anything);
You’ve then got attachment campaigns – trying to trick users into opening a document file;
And lastly, training-only campaigns. No simulated attack here. We’re sending your branded email, with your choice of training.
Once we’ve chosen a campaign, simply select your preferred language from a choice of nine, and that will be applied to the email template and training module.
You can even apply that language to the whole Sophos Central interface if you like.
There are more than 500 customisable attack templates to choose from, all fed by the latest threat intelligence from SophosLabs and our industry experts.
And they include banks, retail brands, social media, IT services and simple plain text emails that could have been sent by a colleague.
And with new templates added every week, it’s easy to find the type of email template you want. Filter by difficulty level and identify the latest content with the “New” and “Featured” labels.
First you quickly filter by difficulty level.
Or look out for these handy flags.
First, our Featured Templates.
These are the latest phishing attacks and seasonal campaigns, helping you train users to identify the real-world attacks hitting inboxes today and the seasonal campaigns they need to know about.
And in the case of credential harvesting attacks you can also see the web page your users will be sent to after clicking the link in the email.
And for the freshest campaigns, look for the New templates.
All of these have been added in the past 30 days. And every template can be fully customised later on.
So let’s select our email and take a look at training
Realistic email templates are only the start.
With Phish Threat, you get a single license model to keep decisions simple – covering unlimited campaigns, unlimited templates and all the training modules available.
Each course is an average of 5 minutes in length, making them extremely accessible for busy employees.
And they cover the range of topics shown on screen.
Each course contains a detailed summary and a preview option for the admin and end user.
And as we switch to the end user experience you’ll see the seamless delivery of content in action, with no need for passwords.
And the user benefits from a range of training content to support all learning styles: from videos, interactive courses and gamification, each with a combined knowledge check at the end.
And we’re now able to boast our latest training partnership with Ninjio, adding their unique award-winning style of training to the mix.
* Not currently available in German or Italian.
And now let’s take a quick look at some highlights of that training in action.
Now, training is very important. But what you need to be able to measure is whether that education is changing user behaviour.
Are they able to spot more real attacks now, and report them?
Well, with the Outlook add-in for Phish Threat for enhanced reporting we can do just that, allowing users to report malicious emails directly from the inbox and passing that data feed to Sophos Email, Endpoint and web security products through SophosLabs.
It also surfaces that data in Sophos Central.
New Phish Threat reports allow you to really measure training effectiveness against reports of simulated phishing attacks, to prove the effectiveness of training and knowledge retention.
As well as providing:
At-a-glance campaign stats
Measure overall risk level & improvement
Measure your organizations awareness
And combine that with how quickly users are reporting simulated phishing emails, allowing us to monitor behaviour changing from knowing to doing – a really important distinction when combating real cyber threats.
And I’ll add that this is one of a number of reports and dashboards providing insight into organizational, campaign and individual behaviour.
And in Q4, the integration of Phish Threat in Central is set to become even more interesting with Sophos Synchronized Security.
The greatest risk from attackers is not individual campaigns, it’s connected attacks,
using vehicles like phishing emails to first penetrate your defences.
In that case computer-based training in isolation is not enough.
That’s why Sophos is already the only vendor to offer a layered security defence, with protection at every point of the attack chain – combining cyber security technology with attack simulations and employee training in a single console, Sophos Central.
But that’s just the start.
Coming very soon in Q4 2018, we will launch one-click enrolment of risky users from Sophos Email and Endpoint into Phish Threat.
It identifies users who regularly click on links or files, or violate other security policies within these products, and allows the admin to enrol them directly into targeted training.
It’s a first in the market and we’re really excited to offer it in the same license.
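The reporting passage above (campaign stats, risk level, and how quickly users report a simulated phish) and the one-click enrolment passage (identifying users who regularly click) both describe measurements over simulation results. The following is an added example, not Sophos code and not from the deck: it computes those measurements over a constructed event log. The record fields, the group names and all sample values are assumptions made for this example.

```python
"""Campaign metrics over simulated-phishing results (constructed example).

Per result we know when the simulated email was sent, whether and when the
user clicked, and whether and when the user reported it. From that we derive
click rate, report rate, the share of users who reported *before* clicking
(the "knowing to doing" behaviour), median time-to-report, the relative
change in susceptibility between two campaigns, and the repeat clickers an
admin would enrol into targeted training.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional


@dataclass
class Result:
    user: str
    group: str
    campaign: int
    sent: datetime
    clicked: Optional[datetime] = None
    reported: Optional[datetime] = None


T0 = datetime(2018, 10, 1, 9, 0)


def _at(minutes: int) -> datetime:
    return T0 + timedelta(minutes=minutes)


# Constructed sample data: two campaigns a day apart, two groups, five users.
SAMPLE: List[Result] = [
    Result("alice", "finance", 1, T0, clicked=_at(4)),
    Result("bob", "finance", 1, T0, reported=_at(12)),
    Result("carol", "finance", 1, T0, clicked=_at(2), reported=_at(9)),
    Result("dave", "sales", 1, T0, clicked=_at(30)),
    Result("erin", "sales", 1, T0),
    Result("alice", "finance", 2, _at(1440), reported=_at(1440 + 3)),
    Result("bob", "finance", 2, _at(1440), reported=_at(1440 + 5)),
    Result("carol", "finance", 2, _at(1440), reported=_at(1440 + 7)),
    Result("dave", "sales", 2, _at(1440), clicked=_at(1440 + 20)),
    Result("erin", "sales", 2, _at(1440), reported=_at(1440 + 60)),
]


def campaign_stats(results: List[Result], campaign: int,
                   group: Optional[str] = None) -> Dict[str, object]:
    """At-a-glance stats for one campaign, optionally restricted to a group."""
    rows = [r for r in results
            if r.campaign == campaign and (group is None or r.group == group)]
    if not rows:
        raise ValueError("no results for that campaign/group")
    n = len(rows)
    clicked = sum(1 for r in rows if r.clicked)
    reported = sum(1 for r in rows if r.reported)
    # A report counts as "doing" only if it came before any click.
    reported_first = sum(1 for r in rows if r.reported
                         and (r.clicked is None or r.reported < r.clicked))
    minutes = [(r.reported - r.sent).total_seconds() / 60
               for r in rows if r.reported]
    return {
        "sent": n,
        "click_rate": clicked / n,
        "report_rate": reported / n,
        "report_before_click_rate": reported_first / n,
        "median_minutes_to_report": median(minutes) if minutes else None,
    }


def susceptibility_change(results: List[Result], first: int, last: int,
                          group: Optional[str] = None) -> Optional[float]:
    """Relative drop in click rate from campaign `first` to `last` (None if
    the baseline click rate is zero, since a relative change is undefined)."""
    a = campaign_stats(results, first, group)["click_rate"]
    b = campaign_stats(results, last, group)["click_rate"]
    return None if a == 0 else (a - b) / a


def repeat_clickers(results: List[Result], min_clicks: int = 2) -> List[str]:
    """Users who clicked in at least `min_clicks` campaigns: the candidates an
    admin would enrol directly into targeted training."""
    counts: Dict[str, int] = {}
    for r in results:
        if r.clicked:
            counts[r.user] = counts.get(r.user, 0) + 1
    return sorted(u for u, c in counts.items() if c >= min_clicks)


if __name__ == "__main__":
    for c in (1, 2):
        print(f"campaign {c}:", campaign_stats(SAMPLE, c))
    print("susceptibility change 1->2:", susceptibility_change(SAMPLE, 1, 2))
    print("repeat clickers:", repeat_clickers(SAMPLE))
```

Reporting the "report before click" share separately from the plain report rate is the design choice worth keeping: a user who clicks and then reports has still exposed the organisation, so only the first figure tracks the shift from knowing to doing.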
Phish Threat and Sophos can help you cut the risk of phishing in your business, with six major advantages:
You benefit from a single per-user license that covers all email templates, training and reporting – not tiered packages that lock the good stuff away.
There are no limits to the number of campaigns you run per month.
There are over 500 customizable email attack templates, fed from or inspired by the latest threat intelligence from SophosLabs.
And over 60 training courses, ranging from security to compliance topics – and we add one more every month.
Full reporting allows you to measure success by organization, group or individual, against both real and simulated emails.
And we are the only vendor with a single console that allows you to build a layered defence against attacks, saving you valuable time.
Combined, this makes Phish Threat from Sophos unique in the market today.
And we’ve seen huge demand for Phish Threat among partners. Launched on our US data center in February 2017, with new European data centers launched earlier this year, we’ve now grown to 1,000,000 active users!
And we’re now active in 62 countries!
And thanks to that simple approach to this complex issue, existing customers have been able to reduce susceptibility to attacks by 31% in just four tests (from 13% to 9%), so you’ll soon have good news to share with the rest of the business.
And as we’ve seen, user education is an essential part of an effective anti-phishing strategy.
So get your copy of our free anti-phishing toolkit to get fantastic resources to educate your users on the phishing threat, including:
- a 2-minute video
- a poster for your office
- a PPT deck for training sessions
- top tips to spot a phish
- a phishy flow chart to identify phishing emails