Phishing simulation exercises, by Michael Jenkins
0 likes1,917 views
The document discusses phishing simulation exercises and outlines some key points: 1) Email is the number one threat vector, with over 225 billion emails sent per day and 90% of threats starting by email. 99% of hackers rely on users running malicious code. 2) Phishing simulations measure an organization's susceptibility to these email-based threats, with average click rates of 15% in healthcare, 14% in the public sector, and 11% overall. 3) Educating users is important, as people are the targets of these threats and must be made aware of criminal tactics, techniques, and procedures used in attacks.
Phishing simulation exercises, by Michael Jenkins
- 1. Phishing simulation exercises Michael Jenkins, Brunel University
- 2. EMAIL IS THE No 1 THREAT VECTOR 225B e mails per day 90% THREATS START BY E MAIL 99% OF HACKERS RELY ON USERS TO RUN MALICIOUS CODE IMPACTS: MALWARE INFECTION / COMPROMISED ACCOUNTS / LOSS OF DATA Threats using social engineering
- 3. Human Click Enabled v Technical Threats
- 6. Executive Assistants Head of Legal Affairs HR Director COO CFO Finance Staff IT Staff Threats by Individuals
- 7. Spoofing E mail addresses The tools necessary to spoof email addresses are surprisingly easy to get. All you need is a working SMTP server (aka, a server that can send email), and the right mailing software.
- 8. Which tools are used to train users?
- 9. Who measures an organisations susceptibility? 2015 2016 2017 63% 66% 75% Average click rates: Healthcare 15% Public Sector 14% HEI’s ? All 11%
- 10. People are targets must let them know they are targets must let them know criminal TTP’s people make defence work
- 11. Video of the threat…….. Tactics, Techniques, and Procedures…..(TTP’s) Youtube Video: An Anatomy of an Attack WE ARE A TARGET
- 12. Cyber Attacks – The Adversary Not Just Security – It’s Defence
- 14. The Kill Chain
- 17. Staff Phish
- 18. Student Phish
- 21. Any questions?