Part 2 of 2
In part 1 of this short series, we gave tips on re-energizing a mature security awareness program. We noted the importance of reassessing your organization’s risk profile and communicating with users as you educate them on phishing. For part 2, let’s look at anti-phishing through the lens of simulated threats.
How to Refocus Your Phishing Simulations
If you manage a security awareness program, you need to educate users on phishing emails that land in their inboxes—active threats like malware, business email compromise (BEC), or sextortion. This means talking to your SOC to understand the threats your business faces, then running simulations of those same threats. The objective isn’t just to educate users to spot phishing but to condition them to report threats, so the SOC can respond faster.
If you’ve been running simulations for some time, here are proven ways to reinvigorate your program.
Give Users an Easy Way to Report
To repeat, reporting is what you’re after. Make it easy for ALL users to report a suspicious message by giving them an EZ button. Cofense PhishMeTM customers can (and should) deploy Cofense ReporterTM, our email toolbar button that lets you report with one click.
If users don’t report threats, the SOC is blind while the danger spreads. Well-conditioned users become human sensors that send valuable threat intelligence to your security teams.
Send Targeted Simulations
As you build resiliency across your organization, send different simulations to different kinds of users: high-value targets in human resources or finance, repeat clickers, and new hires/new users. You’ll also want to continue sending campaigns to your full population.
Simulate Emerging and Active Threats
The phishing scenarios in Cofense PhishMe are based on real threats, thanks to constant input from our threat intelligence teams. For example, we see a lot of emerging threats, those observed in the wild, using phony invoices and purchase orders. Threat actors have a good understanding of how organizations process payments and emulate those methods to disarm users.
If something seems familiar, users are more likely to open an attachment or click links to filesharing sites like Sharepoint. Another example: users often feel safe using sites that display the HTTPS prefix and padlock symbol. They look for these on e-commerce sites asking them to enter personal information. There’s been an uptick in threat actors leveraging HTTPS in phishing emails, so you might use this tactic in your simulations.
Also be sure to send simulations that mirror active threats—phishing emails that get past your organization’s secure email gateway (SEG). Again, communicate with your SOC to learn the latest examples. If your organization is a Cofense TriageTM and Cofense VisionTM customer, these incident response solutions can give you deeper insight.
As your phishing awareness program matures it needs to stay current with your phishing risk. Teach users to report more nuanced attacks should they breach the perimeter. To counter today’s threats, your organization, all of it, needs to keep up with the times.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.