Email Phishing Test Simulation, Educating the Users
Download as PPTX, PDF0 likes491 views
The document outlines the Sophos Central Phish Threat solution, emphasizing the integration of email security with user education through interactive training and simulated phishing attacks. It features over 140 customizable attack templates and more than 30 training courses covering various security topics, alongside reporting tools to measure effectiveness. The solution aims to enhance users' ability to recognize and respond to phishing threats while ensuring compliance with relevant regulations.
Email Phishing Test Simulation, Educating the Users
- 1. Sophos Central Phish Threat 23 November 2018
- 2. Solution: Combine Email Security with Education Educate and test your users to spot attacks • Over 140 attack templates using real threat intelligence TEST 1 • Deliver over 30 interactive security training courses TRAIN 2 • Campaign reporting • Measure organization and individuals MEASURE 3 2
- 3. Attack Email Caught Email Training Enrollment Email Attack Landing Page Reminder Email Caught User Landing Page Training Landing Page PHISHING LINK CAMPAIGNS Lure an employee to click on a link in an email Phish Threat Campaigns ATTACHMENT CAMPAIGNS Simulate an attack involving a malicious Office attachment TRAINING CAMPAIGNS Enroll employees directly in training without simulation CREDENTIAL HARVESTING CAMPAIGNS Lure an employee into entering login credentials online Customizable content and branding
- 4. 4 Optional ‘campaign types’ video
- 5. 100’s of Customizable Attack Templates Choice of 9 languages Realistic simulations powered by global threat intelligence Library of international templates from beginner to expert Multiple scenarios and difficulties Plain text business updates Australian Federal Police Amazon DVLA Canada Post New Zealand Inland Revenue Department Parcelforce Apple Growing library of international content 5
- 6. 6 Optional ‘attack templates’ video
- 7. Over 60 Employee Training Modules Phishing Credential harvesting Vishing (phone phishing) Social engineering Ransomware Secure social media use Public Wi-Fi Malicious attachments Passwords & passphrases Two-factor authentication Principle of least privilege Physical security and data protection EU General Data Protection Regulation (GDPR) Gramm-Leach-Bliley Act (GLBA) Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry Data Security Standard (PCI DSS) Security Topics Compliance Topics 7 Range of video styles Interactive quiz following each course Full reporting of course completion Knowledge checks Interactive modules Gamification
- 8. Changing Behaviour from ‘Knowing’ to ‘Doing’ 8
- 9. Phish Threat Enhanced Reporting 9 Endpoint Email Web XG Firewall Dashboard Reports Campaigns PHISH THREAT
- 10. 10
- 11. 11
- 12. 12
- 13. PRIVATE AND CONFIDENTIAL Sales Hotline +65 6805 8988 Sales Email Enquires contact@netpluz.asia 24x7 Helpdesk Hotline 1800 NETPLUZ (1800 6387589) https://www.netpluz.asia
Editor's Notes
- #3: Combine email security with simulated phishing attacks that allow you to test user awareness by emulating the tactics used by real phishing attackers, and couple that with training to educate end users so they know how to spot and stop the real thing. And perhaps most importantly measure progress and improvement to demonstrate ROI to the rest of the business. Phish Threat from Sophos does all three. With over 140 customizable attack templates fed by latest threat intelligence Over 30 interactive training courses covering a range security and compliance topics And comprehensive reporting. Allowing you to measure performance by campaign, individual user, and at an organizational level to measure susceptibility to attack.
- #4: A range of customizable campaigns that mirror the tactics used in real phishing attacks. Phishing link campaign – where we are trying to lure a user to click a phishing link Credential harvesting – this time where we are sending users to a fake credential harvesting website to enter username and password details (don’t worry, we don’t store any data) Attachment campaigns – where we lure a use to open an attachment that could in the real word contain a malware downloader for instance And lastly a Training-only campaign – no simulated attack this time. You create your own branded email and attach training Each campaign style is fully customizable – from attack email, to training landing pages and training reminder emails. All templates and training is available in a choice of nine languages: English French German Italian Spanish Portguese Korean Traditional Chinese Japanese
- #5: Campaign selection We start off here are the New campaign page in Sophos Central, and after giving our campaign a name. we have 4 options for the type of campaign you’d like to build for your end users: Here you can choose between Phishing link campaigns Credential harvesting where we’ll lure users to a fake web page to enter details (don’t worry we don’t store anything) You’ve then got Attachment campaigns – trying to trick users into opening a document file And lastly, training-only campaigns. No simulated attack here. We’re sending your branded email, with your choice of training. Once we’ve chosen a campaign, simply select your preferred language from a choice of nine. And that will be applied to the email template and training module. You can even apply that language to whole Sophos Central interface if you like.
- #6: More than 500 customisable attacks templates to choose from, all fed by the latest threat intelligence from SophosLabs, and our industry experts. And they include banks, retail brands, social media, IT services and simple plain text emails that could have been sent by a colleague. And with new templates added every week, It’s easy to find the type of email template you want. Filter by difficultly level and identify the latest content with “New” and “Featured” labels
- #7: You have more than 500 customisable attacks templates to choose from, all fed by the latest threat intelligence from SophosLabs, and our industry experts. And they include banks, retail brands, social media, IT services and simple plain text emails that could have been sent by a colleague. And with new templates added every week, It’s easy to find the type of email template you want. First you quickly filter by difficulty level. Or look out for these handy flags First….Our Featured Templates These are the latest phishing attacks and seasonal campaigns. Helping you train users to identify real-world attacks hitting inboxes today and the seasonal campaigns they need to know about. And in the case of credential harvesting attacks you can also see the web page your users will be sent to after clicking the email And for the freshest campaigns – look for the New templates All of these have been added in the past 30 days. And every template can be fully customised later on. So let’s select our email and take a look at training
- #8: Realistic email templates are only the start With Phish Threat, you get a Single license model to keep decisions simple - covering Unlimited campaigns – unlimited templates and all the training modules available. Each course is an average of 5mins in length – making them extremely accessible for those busy employees And they cover a range of topics shown on screen. With each course containing a detailed summary and preview option for the admin and end user. And as we switch to the end user experience you’ll see the Seamless delivery of content in action – with no need for passwords. And the user benefits from a range of training content to support all learning styles = From videos, interactive courses and gamification, each with a combined knowledge check at the end.
- #9: Now training is very important. But what you need to be able to measure is if that education is changing user behaviour. Are they able to spot more real attacks now, and report them?
- #10: Well with the Outlook add-in for Phish Threat for enhanced reporting we can do just that. Allowing users to report malicious emails direct from the inbox and passing that data feed to Sophos Email, Endpoint and web security products through SophosLabs. And also surface that data in Sophos Central.
- #11: With new Phish Threat reports that allow you to really measure training effectiveness against reports of simulated phishing attacks. To prove effectiveness of training and knowledge retention. As well as providing: At-a-glance campaign stats Measure overall risk level & improvement Measure your organizations awareness
- #12: And combine that with how quickly users are reporting simulated phishing emails – allowing us to monitor behavior changing from knowing to doing – a really important distinction when combatting real cyber threats. And I’ll add this is one of a number of reports and dashboards providing insight in organizational, campaign and individual behavior.