Falanx Cyber
Falanx Email Phishing: Measure your resilience

Contents
What is Email Phishing?
Why should I carry out an Email Phishing exercise?
PhishEd: Managed regular phishing
Single assessments
Why choose Falanx Email Phishing?

About us

Falanx Cyber deliver a complete end-to-end managed service that brings all of our services to you for a single monthly fee. We combine traditional cyber security services such as Penetration Testing, Consulting and Incident Response with our cutting-edge managed service, MidGARD, to provide complete end-to-end coverage for your business.

Acquired in 2018 by Falanx group, First Base Technologies is a leading cyber security testing, consulting and training services provider with three decades of experience. Providing services such as Threat and Risk Analysis (TARA) and Red Teaming, we help to defend your organisation in this ever-changing threat landscape.

What is Email Phishing?

Email phishing is the most common tactic used by hackers to breach your defences and gain access to your network. The email will include a link or attachment and provide a compelling reason why the victim should open it. Once it is opened, the hacker will have control of the computer and can then take control of other computers on the network, with the aim of stealing sensitive information or encrypting the data and demanding a ransom payment to release it.

Falanx offer two types of email phishing tests to assess your organisation's resilience to this type of attack: our managed phishing service for regular testing, PhishEd, or one-off assessments used to gauge your awareness at a single point in time.

Why should I carry out an Email Phishing exercise?

An email phishing test assesses staff awareness of common phishing techniques used by hackers. Despite the increasing sophistication of email defence software, a small number of emails will inevitably still reach the inboxes of your staff. How those staff members react to that email can determine whether a data breach occurs.

Our services will educate staff on the common techniques that hackers use, teaching them the tell-tale signs that may indicate an email is not genuine. By regularly training staff to recognise the techniques hackers are using at that moment, you can make them your most important line of defence.

PhishEd: Managed regular phishing

PhishEd is a fully-managed phishing service designed for regular testing of staff awareness. You provide us with a distribution list for each attack and we will design the email template using a variety of different scenarios. The email is then sent to everyone on the distribution list.

Any employees who interact with the email can be taken to a customisable training page that shows advice on how to avoid similar attacks in the future. We can even embed our own video-based training into the page.

We track all interactions with the phishing campaign: who clicked, who entered a password, the quality of that password, and any other relevant metrics. We then measure the improvement in response rates to each campaign, demonstrating the ROI of the testing and the tangible increase in resilience to phishing attacks.

Typical scenarios we can run include:
- Credential harvesting (e.g. fake email from the IT department tricking users into logging into a fake version of Outlook)
- Simulated ransomware attacks
- Business email compromise/CEO Fraud attacks targeting finance staff
- Simulated malware attacks
- Highly-targeted spear phishing

Each of these scenarios is highly customisable, for example, simulating internal emails using your email signature.

PhishEd is a perfect addition to our managed security awareness program. This combines the results of the phishing tests into face-to-face awareness sessions for all staff, delivered by the people that designed and executed the attacks. Rather than showing staff generic email phishing examples, we can demonstrate the attacks that your staff fell victim to, and how they can prevent them in the future. We teach the psychology of how phishing attacks try to trigger an emotional response in you, be it curiosity, fear or anger, and the simple techniques that can be used to recognise an attack.

Single assessments

Falanx can deliver one-off phishing attacks if you would like to measure your staff awareness at a single point in time. Any of the scenarios described in the PhishEd service can be delivered, tracking the same metrics of interaction with the email. A report is then produced describing the scenario, the results, and the risk to the business, were the attack to have been conducted by a real criminal group.

Why choose Falanx Email Phishing?

Up to date: Our phishing attacks reflect the techniques hackers are using right now. Our team are constantly researching the latest trends and will build our attacks based on the real-world threat at this time.

Measure improvement: Our PhishEd service will improve staff awareness, increase reporting rates of phishing attacks, and make you less susceptible to real phishing attacks that might cause a data breach.

Fully Customisable: If there is a particular scenario you would like to test, we can create it for you.

Culture Change: Combined with our highly customised training programme, use the results of the email phishing exercises to drive an increase in awareness throughout the business, starting with the board and cascading the training down.

Increase awareness: We will show how the attack was constructed and combine it with general cyber security awareness training to provide a powerful message that can dramatically increase security.

Interested in finding out more about what Falanx's Email Phishing services can do for your organisation? Get in touch at info@falanx.com or call +44 (0) 20 7856 9450.

Part of the Falanx group
Falanx Cyber | Falanx Technologies
www.falanx.com