Strengthen resilience with continuous phishing tests
Phishing is one of the foremost cyber threats to all types of organizations today. The concept is basic but effective; the attackers target the company’s employees to gain a foothold in the organization, and can then escalate the attack from within. As part of the solution to the problem, Sentor has developed the RedSOC Phishing service; a form of awareness training that continuously tests and educates users in phishing, and thus increasing the organisation’s resilience to future attacks.
Phishing as an attack method is not a new phenomenon in itself. However, in recent years we have been able to see how the method has been significantly refined and developed: emails are often well-crafted and sometimes tailor-made for a person and/or organisation, utilising correct first name and lastname, valid filenames, correct language and content that are of interest to the user.
The method has proven to be very effective. Many of the incidents we investigate were caused by a phishing attack where one or a few users clicked on a link in an email. In many cases, this action enabled an attacker to gain a foothold in the organisation and, by extension, take over the entire IT environment.
The solution – Continuous tests that increase the awareness of your employees over time
The problem with phishing is not primarily a technological problem, but an awareness and behavioural one. The key is to get the user to be more attentive to messages and not execute files or click on links without viewing them with a critical eye.
Sentor offers a phishing service where trustworthy crafted emails are continuously sent to a defined set of users for the purpose of informing and educating those who click on the phishing links. This procedure is then repeated monthly to gradually harden users and lower the number of clicks. The outcome is measured and followed up according to predefined KPIs to ensure that the desired result is achieved.
Created and developed by Sentor’s RedTeam
Sentor’s phishing service has been designed and is being delivered from our RedSOC: the offensive part of Sentor’s SOC that consists of combined expertise within social engineering and penetration testing. This means that the simulated attacks always will be rooted in real-life threats and the development in this area.
The campaigns are designed with regard to both language, target group and technical environment. For example, a so-called spear-phishing campaign may specifically target a management team or finance department, which is more likely to be subject to more sophisticated attacks than other employees.
Benefits of RedSOC Phishing from Sentor
- Continuous testing and raised awareness among your users as well as user behavior statistics over time
- Authentic campaigns that have been developed by true experts in the field
- Direct feedback with information about the campaign and the risks of phishing to those who click or respond to phishing emails