Mature Your Anti-Phishing Program to Reflect Active Threats

Share Now


At CofenseTM we often hear comments from customers like, “My anti-phishing program has been running for years, email reporting rates have increased, and overall my users are better prepared. How can I continue to address and lower my risk?”

A wise CISO once told me that sometimes you need to “turn up the heat,” for no other reason than attackers will do the same. They don’t ask for permission before they launch a phishing attack. To stay a step ahead of them, you have to think like they do. While your program might have many more users reporting phishing versus falling susceptible, you still have to make adjustments based on active threats your business faces.

Let’s talk about a few ways your organization can do that.

  1. Sharply focus your simulations on threats you currently face.

Cofense PhishMeTM bases many of its simulation templates on active threats. Chances are, you can find plenty of scenarios that mirror the bad stuff hitting your inboxes. Plus, you can customize simulations to fit your business, industry, and culture.

If you need help in identifying active threats, ask your SOC or incident response team or turn to the Cofense TriageTM team. As the “in the trenches” experts, they’ll be able to help you create more realistic simulations based on reported malicious emails that have gotten past your existing security perimeter defenses.

Want proof? The Cofense State of Phishing Defense 2018 report shows data on phishing simulations based on active threats. In 7 of the top 10 phishing scenarios, more of our customers’ employees reported emails than fell susceptible, sometimes by margins of 3 to 1 or more.

  1. Launch training exercises that simulate internal business processes.

It’s not hard for attackers to figure out your basic business processes, many of which are tied to email. Armed with this knowledge, phishers can launch enticing attacks both to users in general and high-value targets in particular, for example, employees in Finance or HR.

Other favorite targets include forms used in customer acquisition or sales, customer success, product development, and product or service delivery. You can’t go wrong in crafting simulations mirroring business as usual, especially if the email appears to come from an internal address. Anything related to invoices, payments, PTO, and benefits is good fodder.

  1. Use free Cofense CloudSeeker to see configured SaaS applications and how phishers could exploit them.

Cofense Cloudseeker shows you all the SaaS apps configured in your environment, including any provisioned without IT’s knowledge.

These unknown apps could (a) have security vulnerabilities and (b) use email to send and receive data. So consider creating training exercises to simulate these communications. When users click on an email from an unknown SaaS app, it’s a great opportunity to educate them and harden your defenses.

These 3 tips can prevent your mature program from becoming creaky. For another perspective on anti-phishing, check out our “Left of Breach” e-book.


All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.