Telecommunications service provider Internet Solutions (IS) has introduced PhishNet, a phishing assessment tool that helps organisations provide cyber security education and training to employees.
According to IS, PhishNet provides educational tools on phishing and allows security teams to launch authentic phishing campaigns to their colleagues, bolstering training by demonstrating what a phishing lure looks like - and how easy it is to fall for one.
The software allows a company to identify how quickly they can spot a scam mail and hence measure their user awareness levels to recognise phishing threats. Frequent usage of the service trains staff to spot the mails but also allows the companies to exercise their response plans, it adds.
"Even in a company with a vibrant, happy, positive office culture, employee behaviour is one of the biggest risks to cyber security. Phishing attacks are increasingly sophisticated and they target individuals, so proactive employee education is an important element of a holistic cyber security strategy," says Sean Nourse, chief solutions officer at Internet Solutions.
Ronnie Apteker, founder of Internet Solutions, says frequent usage of the service trains staff to spot the scam e-mails while allowing companies to exercise their response plans.
"PhishNet provides security teams with detailed reports on who clicked the links contained in the mock-emails, who submitted credentials when prompted and even who is running vulnerable or outdated Internet browsers. This helps companies identify which employees require additional training and contributes to security efforts by making employees aware of new cyber threats."
IS says it recently tested the efficacy of phishing by sending a PhishNet campaign to a list of IT-savvy contacts. Despite deliberate spelling errors, an outdated logo and a questionable subject line, 40% of recipients clicked the phishing link contained in the e-mail.
"This test clearly demonstrated that everyone is vulnerable to phishing, not only people who are technologically inexperienced. We can be negligent and distracted using our personal devices, and we're no different when using company laptops, mobile phones and tablets," notes Nourse.
Apteker explains phishing remains one of the most popular forms of cyber crime because it is highly profitable and offers returns in the form of banking PINs, credit card details and passwords, compromising personal information.
"Employee behaviour, from what I have learned, is always the weakest link in the chain. As long as human beings are in the mix, there is going to be a risk when it comes to cyber security. People can be misled and they can also be negligent. A service like PhishNet contributes to an ongoing education effort through raising people's awareness of these attacks, helping them spot suspect mails and then honing their reactions to it."
Share