TSG introduces latest defence against cyber-attacks: Phish Threat

‘The world’s easiest-to-use attack simulator’

The latest Ransomware attack dubbed ‘Goldeneye’, which used a variant of the Petya strain, was a disastrous blow to organisations across the globe and has catapulted IT security back into the headlines over the past week.

The rapidity and unpredictability of these attacks have undoubtedly struck fear into the hearts of governments and businesses across the world. The question that must be answered and actioned is: how can you protect your business? We’re introducing a new solution to our portfolio: Sophos Phish Threat.

What is Sophos Phish Threat?

A phishing email is an attempt by a scammer to either trick you into handing over personal information or sending users malicious files in order to directly deliver Ransomware to your PC. This can be done via attachments or web links.

In simple terms Sophos Phish Threat provides a toolkit that allows businesses to generate a phishing email to test their employees. This email is designed to mirror a real phishing attack, enticing staff to hand over personal details or infecting their machines with Ransomware. Phishing emails aim to persuade people to hand over passwords and login credentials that hackers can then use to log into additional accounts, causing as much destruction as possible. This is a huge threat given that according to Password Boss, 59% of users reuse passwords.

This cleverly-designed email hits their inbox and if employees open the email (essentially falling into a cyber-trap) they are then directed to a screen informing them about what has happened. Employees are then provided with online training relating to cyber security, vigilance when opening emails etc.

From this, businesses can access a suite of reports clearly measuring the effectiveness of the campaign and training. This provides a very clear understanding of your employee’s awareness of cyber security and also provides essential training which to protect your business in the future. Phish Threat is cloud-based and lives in Sophos’s cloud system, Sophos Central. 

Why use Sophos Phish Threat?

By adopting a tool like Phish Threat, companies are able to measure the level of IT security awareness within their organisation and act upon it. The platform can provide you with the level of knowledge your staff holds on cyber-attacks and you can see in black and white reports not only where your organisation is currently, but also improvements to be made as you continue to send out emails to benchmark how the organisation as a whole is progressing.

Phish Threat is a very interactive and engaging way to inform employees on the importance of their vigilance and online activities. This doesn’t entail hours in a conference room and death by PowerPoint, it’s an email directly to their inbox; much more engaging and ultimately effective.

A huge piece of the IT security puzzle is the culture within an organisation; a lack of awareness that isn’t necessarily malicious but can be extremely dangerous when it comes to cyber-attacks. These emails are a great way to give employees little prompts to reinforce a vigilant and security aware culture. 

Why is it crucial for companies to educate their staff on cyber security?

95% of successful hack attacks or incidents were because of some type of human error. – IBM Cyber Security Intelligence Index

Ransomware and countless other cyber-attacks are hitting the headlines on a weekly basis. Interest among employees is higher now that it’s ever been due to the coverage and frequently emerging horror stories of businesses and governments hit.

Now is the time to act. A cyber-attack doesn’t just cause a headache for the IT department, it can mean full loss of critical data (emails, documents, etc) and loss of earnings as businesses are brought to a complete standstill. In a worst-case scenario, a cyber-attack could result in a business shutting down. This is a prevalent threat more than ever now as most businesses operate to greater or lesser extent online.

Education and this culture shift from innocent ignorance to IT security awareness and vigilance is a crucial part of any IT security strategy. Phish Threat is an effective and measurable tool that can train and raise awareness throughout an organisation.  

Verizon’s Data Breach Investigations report stated that 95% of advanced and targeted attacks involved spear-phishing scams with emails containing malicious attachments that can cause malware to be downloaded onto the user’s computing device. 

Think you’re safe from cyber-attacks? Think again

TSG has not only added Phish Threat to our product portfolio, we’ve also adopted it internally. No company is immune to these attacks – not even in the IT industry! We practice what we preach; raising awareness of cyber-attacks and educating staff is definitely on the agenda at TSG.

Attacks are evolving at an alarming rate and it’s becoming easier than ever for cyber criminals to spread these attacks. With offerings across the dark web such as malware-as-a-service and Ransomware-as-a-service bundled up into an easy-to-access package, the attacks businesses are facing across the world are ever evolving and increasing. Protect your business today.

As ever, Phish Threat shouldn’t sit in isolation but should be part of a holistic approach to security including encryption, mobile device management and, of course, Intercept X which is a new generation of Ransomware protection. Read our blog on how to put together a multi-layered IT security strategy.