
Simulated Phishing Exercise - What is it and Who needs it?

published on 2023-03-08 06:23:01 UTC by Steven Duckett

A Simulated Phishing Exercise is essentially a test in which realistic (but safe) Phishing emails are sent to your staff members to see whether they can spot the warning signs and red flags and then follow the correct procedures for dealing with a Phishing email.

In 2023, the Cyber Security Breaches Survey found that 89% of businesses suffered phishing attacks. This shows that all businesses, from sole traders to large corporations, must test and train their staff against the dangers of Phishing attacks.

https://www.youtube.com/watch?v=xQi9zdxSLBo

How often do you need a Simulated Phishing Exercise?

Choosing the frequency of Simulated Phishing Exercises is a fine line: conduct them too often and they begin to lose their effectiveness, but leave too much time between campaigns and employees' awareness can decline.

This is why the North West Cyber Resilience Centre recommends conducting a Simulated Phishing Exercise once per quarter (once every three months). Our research shows that this period allows businesses to implement the necessary procedures/policies and retrain key employees.

https://video.wixstatic.com/video/78c8a8_97b5508f0e844f5dab87fdeb772c5cfc/720p/mp4/file.mp4

What is the process of a Simulated Phishing Exercise?

The North West Cyber Resilience Centre staff will conduct an initial scoping call to determine how many staff are to be included in the campaign, what style of email template(s) are required for the Phishing emails, and dates/times the campaign should run from/to.

The first Simulated Phishing Exercise is a baseline assessment when paired with our Security Awareness Training program. It can be compared to future campaigns to determine the effectiveness and review improvements in staff cyber awareness.

The aim is that your staff will be able to spot common warning signs and indicators (including but not limited to those below) and report the email in line with business processes/policies:

  • Unusual “From” email address
  • A “Reply-To” email address that is different from the “From” email address
  • A sense of urgency in the tone of the email body
  • An unusual email topic, such as confirming bank details or installing a software/application that is not used by the business
  • An unusual email that asks the recipient to enter/confirm Personally Identifiable Information (PII)
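The warning signs listed above can also be checked mechanically, for example when triaging emails that staff report. The following is an added example, not code from the article or from the North West Cyber Resilience Centre; the function names, the phrase lists, the `trusted_domains` allow-list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrase lists are illustrative assumptions; tune them to your own mail.
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|final notice)\b", re.I)
SENSITIVE = re.compile(r"\b(bank details|password|date of birth|card number)\b", re.I)

def address(header_value):
    """Lower-cased bare address from a From/Reply-To header ('' if missing)."""
    return parseaddr(header_value or "")[1].lower()

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def phishing_indicators(raw_email, trusted_domains):
    """Return the names of the warning signs found, in a fixed order."""
    msg = message_from_string(raw_email)
    sender, reply_to = address(msg["From"]), address(msg["Reply-To"])
    text = f"{msg['Subject'] or ''}\n{body_text(msg)}"
    found = []
    if sender.rpartition("@")[2] not in trusted_domains:
        found.append("unusual_from")            # sender domain not one we expect
    if reply_to and reply_to != sender:
        found.append("reply_to_mismatch")       # replies go somewhere else
    if URGENCY.search(text):
        found.append("urgency")                 # pressure to act quickly
    if SENSITIVE.search(text):
        found.append("sensitive_data_request")  # bank details / PII requested
    return found

# Constructed sample messages (not real mail).
SAMPLE_SUSPICIOUS = """\
From: "IT Support" <helpdesk@it-support.test>
Reply-To: collect@mailbox.test
Subject: URGENT: confirm your bank details

Your account will be closed within 24 hours unless you confirm your bank details.
"""
SAMPLE_BENIGN = """\
From: Payroll <payroll@example.com>
Subject: Payslips available

This month's payslips are now on the intranet.
"""
```

A hit on any single indicator is only a prompt for a closer look; legitimate mail can also use a separate Reply-To address or urgent wording.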

How long does a Simulated Phishing Exercise take?

After setup is completed, the campaign will run for 1-2 weeks; this is usually done within a time frame that mimics that of an attacker to make the scenario as realistic as possible.

Once concluded, our team will produce a comprehensive report detailing all of the actions taken by your staff and explaining the risks associated with these actions. This will also be backed up with graphs and key statistics.

Will a Simulated Phishing Exercise affect our normal business operations?

No, our Simulated Phishing Campaigns are designed to run alongside normal business operations with minimal impact. Any email templates we use will not be malicious, and our team will keep you updated with the times/dates the campaign is running so you’re always aware of what is happening.

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats with a Simulated Phishing Exercise today.

Published: 2023 03 08 06:23:01
Received: 2023 05 17 23:07:20
Feed: North West Cyber Resilience Centre
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security