You can view the recorded webinar here: http://bit.ly/1K84eyf
Phishing continues to pose a growing threat to the security of industries of every kind — from financial organizations to government contractors to healthcare firms. Today’s savvy phisher manages to evade even the most significant safeguards through carefully planned, socially engineered email phishing attacks.
In fact, according to Verizon’s Data Breach Investigations Reports, 95% of all espionage attacks and nearly 80% of all malware attacks involve phishing. And people — your internal users — are the largest and most vulnerable point of entry.
To provide an idea of where — and how — organizations make themselves most vulnerable to phishing attacks, ThreatSim presented a one-hour live webinar that covered:
- A look at our annual State of the Phish report, including analysis and metrics on how and why end users are vulnerable to phishing and how to address the problem
- What your peers are doing, whether it is working, and what you should be doing
- Data and analysis of click and open rates from millions of simulated email phishing campaigns, including: mobile use in the workplace and who’s most vulnerable, browser and plugin stats, and platform data across industries
- Insight into what proactive organizations are doing to better train their end users to identify and avoid phishing attacks
Learn how to plug one of the biggest holes, if not the biggest, in the security of your organization.
Connect with us
13800 Coppermine Rd.
Suite 302
Herndon, VA 20171
888-687-1337
info@threatsim.com
http://threatsim.com
threatsim.com/demo
@threatsim
Q&A / Discussion
Editor's Notes
NOTE: use the Ron Burgundy picture --- lightens the mood early and infuses some humor -- it’s also just a more interesting slide to look at
Talk about – before I did TS I was doing Pen-testing. Noticed that users still fell for phishing. I’ve had a very technical background. Found that this type of training works.
This is the high level problem. Starting high level. Phishing is still a big problem. Not going to waste your time.
Talk about hidden costs
Say “you, you guys, etc.” make it about the attendees
It only takes one click.
Eye-rolling objections. Why should I even try? “Moving the football down the field”. Demonstrable reduction of end user risk.
Remove “Focus” point – trim this down
Make sure we qual this data - 23% open of ALL customers of ALL maturity levels.
11% - After several months we see a nice reduction in training
Need to call out the key results ---- “Nearly 20% of respondents were able to reduce click rates by 76-100%; 14% reduced by over 50%” --- dynamic training works
Consistent year-to-year finding --- the frequency of training has a direct & positive impact on reducing click rates and increasing end users’ skill at identifying phishing messages.
In 2014:
Quarterly = 15-18%
Bi-Monthly = 12-15%
Monthly = 4-9%
**most customers had only been using TS for 1-2 years at that time. Current data includes a significant number of customers in their 3rd year.
Differentiate Phishing vs. Spear Phishing – If the attacker is willing to take the time to target specific people – they are highly motivated and not a garden variety attacker.
Note: take some time to highlight spear phishing as the real threat…
It really pays to focus on spear phishing training --- and what we mean by that is using more customized messages with your end users, as well as very targeted simulations against high-risk segments (executives, finance, sys admins)
92% of all targeted attacks start with spear phishing ----- Sony, RSA, White House, etc… (update with other breaches)
How do you avoid the bear? Run faster than the next guy. Training end users about spear phishing is just another layer in your defense in depth program that raises the cost of attack and hopefully motivates the hacker to move onto easier targets.
Interesting info to IR team
Substantiates why we need employees as part of the solution
Just do top 3
Make sure it’s clear that these are click rates
Say “phishing message content” or “phishing emails”
We saw a HUGE increase in mobile activity
405% iOS growth
927% for Android growth
Talk about stats, talk about why this isn’t enough – “Train like you fight”. Persist the message over time – changes user behavior over time.