Phishing (n): Phishing is a social engineering technique where cyber attackers attempt to fool you into taking an action in response to an email. Phishing was a term originally used to describe a specific attack scenario... The term has evolved and often means not just attacks designed to steal your password, but emails designed to send you to websites that hack into your browser, or even emails with infected attachments.
--SANS Security Awareness Terms & Definitions, http://securingthehuman.sans.org/resources/security-terms
Our partnership with REN-ISAC and SANS has allowed us to obtain a discount on SANS' Securing the Human Phishing training.
While it's impossible to calculate accurately how many phishing attacks happen in a given year, some security firms report that their anti-phishing protections are triggered more than 100 million times in a year. That's a single firm, for a single year. The cost of dealing with these attacks is monumental, and defending against them isn't getting any easier.
There are, however, some steps you can take to help protect yourself and your organization. Perhaps the simplest is education. SANS Securing the Human Phishing will educate your users on identifying and mitigating phishing attacks, helping them protect themselves and your organization.
Because this is a managed service, you will be assigned a Client Success Manager and have access to Subject Matter Experts. Together, they will work with you to first plan the overall direction and goals of your phishing program.
The SANS team will phish your users on your behalf, and the service provides:
- A selection of phishing emails and training templates
- Emails sent to employees within your organization in a manner that is consistent with what real criminals are doing
- Identification of which individuals have fallen victim
- Immediate feedback and training
- The ability to view and address existing vulnerabilities in order to reduce risk