Cofense - Security Awareness Training & Email Threat Detection

Hackers Analyse Your Capabilities. Use this Matrix to Do the Same

Share This Article

Regular followers of Cofense™ know that phishing threats evolve. For detailed evidence, read the Cofense Malware Review 2018 and see the techniques threat actors employ to keep security teams on their toes.

As attackers evolve, so must the guardians of organisational security. It’s essential that we take the time to review our phishing defence strategies, and ask, “Is it maturing, or is it just getting old?”

When reviewing phishing defence, what does ‘mature’ really mean? No longer can we be satisfied that we’re making our users more ‘aware’ of phishing, and through this we’ll reduce our risk. It’s simply not true. At Cofense we’ve long-championed the mantra that for true phishing defence, user awareness isn’t the problem, and simply increasing awareness is surely not the answer. The real problem is twofold:

1. Lack of visibility of real threats bypassing our perimeter controls

2. Our ability to understand these threats and effectively respond

Recently, the Cofense Phishing Defence Center (PDC) released some stats that highlighted the risk. On average, 14% of the emails reported to the Cofense PDC have some form of malicious content. It’s important to remember that these emails are reported to the PDC by well-conditioned users, after perimeter controls have failed to identify, and prevent, the threat.

Therefore, to understand the maturity of your phishing defence you need to further review two capabilities we have talked about before—the ability of users to recognise and report phishing threats, and the ability of security teams to take appropriate action when these reports are received. To help you do this, ask yourself, “What is our capability in these areas?”

Rate your organization’s capabilities based on the questions below:

An image of a diagram explaining a concept related to a Email Security topic.
Plot your responses to the above questions in the matrix below. This will enable you to easily understand and communicate your current state and identify ways to improve your anti-phishing program and security capabilities.

An image of a graph showing data related to a particular metric.

For a great example of how a mature phishing defence program really does make an organisation more secure, take a look at a recent post – Phishing attack shut down in 19 minutes with Cofense Triage™.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.