In 2020, Resolve Not to Simulate Last Year’s Phish
By Tonia Dudley
As you start off the new year, it’s a good time to recalibrate your phishing simulation program. Things change—business objectives, mergers, acquisitions or divestitures. The threat landscape is constantly changing too and may require a complete shift in your security awareness efforts. This is why you should focus on one quarter at a time—we’d all be millionaires if we could predict the future 12 months from now.
Align Your Simulations to the Phish Your Users See.
As you prepare to launch simulations this quarter, ensure you align these to the threats actually hitting your users’ inboxes. By keeping your campaigns aligned, you are better preparing your users to defend your organization against a phishing incident that could lead to a data breach or ransomware attack.
How do you achieve this? Start by reaching out to your Security Operations Center (SOC), the experts on the threats facing your organization. Also, many organizations are now standing up a Cyber Threat Intelligence team to proactively hunt for threats—these analysts are another great source of anti-phishing recommendations.
Planning a Credential Phish? Attackers Probably Are.
If you don’t have access to either of these resources, check out our most recent Cofense Annual Phishing Report. For example, we continue to see phishing emails that target credentials. Whenever I visit customers or talk to security teams, I ask if they are seeing credential phishing as a major threat to their organization. Without skipping a beat, the response is typically an immediate “yes” followed up with a real phishing incident story.
Figure 1: Sample credential phish
Running a credential phishing campaign can sometimes be complex, but compared to the time spent remediating a phishing incident, it is time well spent. Chances are a credential simulation will pay off. Consider this nugget from our Annual Phishing Report:
74% of Real Phish Are Credential Phish
But Credential Phish Are Only 17.2% of Simulations
That’s a gap in your phishing awareness program you don’t want to see.
Don’t Forget Tax Season, Plus Data Privacy and Valentine’s Days.
Beyond credential threats, the first quarter of the calendar year offers seasonal themes. I’ve seen some awareness programs use a topics calendar, and the following topics are good bets for the first few months of the year.
- Data Privacy Day – January 28th.
- Tax season – anything related to tax topics and W2s piques interest.
- Valentine’s Day
  - I know some of you are right now thinking about that Valentine’s e-card you want to send out. We recently covered holiday-themed campaigns used by the Emotet botnet in our December blog post. If Emotet comes back online, we’ll most likely see them leverage a similar holiday theme again. If you want to align a Valentine’s theme to a real threat, focus on an attachment that leverages a macro-enabled MS Word document. Speaking of Emotet, because it’s one of the biggest botnets out there, Cofense led off our new podcast series, Phish Fryday, with an Emotet deep-dive.
Whatever topics or themes you choose, just be sure they reflect the email threats your users will likely see. Whether your program is mature (and needs a jolt) or you’re just getting started, good luck! The Cofense resources below can help you move from awareness to full-strength phishing defense.
HOW COFENSE CAN HELP
Thanks to our unique perspective, no one knows more about REAL phishing threats than Cofense. To understand them better, read the 2019 Phishing Threat & Malware Review.
Every day, the Cofense Phishing Defense Center analyzes phishing emails with malware payloads that bypassed email gateways. 100% of the threats found by the Cofense PDC were identified by the end user. 0% were stopped by technology.
Easily consume phishing-specific threat intelligence to proactively defend your organization against evolving threats with Cofense Intelligence.