There is little doubt that the volume of phishing attacks is increasing and that phishing attacks are becoming more sophisticated. To counter the threat from phishing, many organizations are implementing phishing awareness solutions. However, some phishing awareness solutions fail to reduce the susceptibility of users in real-life scenarios.
The reason some phishing awareness solutions fail to reduce user susceptibility in real-life scenarios is that they come with a library of phishing scenarios that does not reflect the organization's operations, or whose simulations are easy to spot because they are delivered to an email address the apparent sender would not be aware of.
For example, if an organization does not use Microsoft365, a simulated phishing email alerting a user that their Microsoft365 password is about to expire is going to easily be identified by the user as a test. Similarly, a simulated phishing email advising a user of unusual activity on their personal social media account is not going to be treated as genuine if sent to a corporate email address.
Limited Templates Can Result in a False Sense of Security
The other issue with phishing awareness solutions that have fixed libraries of phishing scenarios is that, if an organization only uses the templates appropriate to its operations, it has fewer scenarios to choose from, and the likelihood increases that users will recognize simulated phishing emails as a test because they have seen the same simulations before.
When simulated phishing emails are easy to spot or the same tests are used repeatedly, employees score highly in phishing susceptibility tests – giving organizations a false sense of security that their “last line of defense” is stronger than it actually is. Consequently, phishing awareness solutions with fixed libraries could actually exacerbate the threat of phishing rather than help prevent it.
Many Solutions Also Overlook the Threat from Inside
An often overlooked phishing threat arises when an external bad actor takes remote control of an employee's corporate email account. Once under the control of an external bad actor, the corporate email account can be used to conduct spear phishing or business email compromise attacks against selected members of the workforce, or to phish the entire workforce into revealing credentials.
However, despite the potential seriousness of the threat from inside, many phishing awareness solutions do not account for this possibility in their simulations. Therefore, any phishing awareness solution an organization deploys has to be customizable not only to reflect the organization's operations, but also to account for the possible threat from inside.
Customizable Phishing Awareness Solutions from SafeTitan
SafeTitan is an enterprise-scale security awareness training and phishing simulation platform within the TitanHQ portfolio of cybersecurity solutions. The phishing simulator includes more than 1,800 customizable templates for conducting real-life phishing tests on employees, with automatically generated training content delivered immediately if a user falls for a simulated phish.
With regard to the "threat from inside", SafeTitan enables organizations to change the sender email address to a corporate email account with a simple modification to the SPF record, and every user interaction is recorded so that system administrators can identify repeat offenders, specific weaknesses, and high-risk departments and direct training where it is needed.
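The SPF modification mentioned above is the one place on this page where an administrator actually touches configuration, so here is an added example of how to sanity-check the record before and after authorizing a simulation platform to send as the corporate domain. This is illustrative code written for this page, not SafeTitan's or TitanHQ's own tooling; the SPF records are constructed inline, no DNS queries are made, and `simulator.example-vendor.invalid` is a placeholder for whatever include domain the platform documents. The lookup count matters because RFC 7208 caps SPF evaluation at 10 DNS-querying terms, and a record that exceeds it fails for all mail, simulated or not.

```python
# Added example (not SafeTitan's or TitanHQ's code): sanity-check an SPF record
# before and after authorizing a phishing-simulation platform to send as the
# corporate domain. Records are constructed inline; nothing here queries DNS.

import re

# Constructed sample records. "simulator.example-vendor.invalid" is a
# placeholder for the simulation platform's documented SPF include domain.
SPF_BEFORE = "v=spf1 include:spf.protection.outlook.com -all"
SPF_AFTER = ("v=spf1 include:spf.protection.outlook.com "
             "include:simulator.example-vendor.invalid -all")

# Terms that each consume one of the 10 DNS lookups RFC 7208 allows per evaluation.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
MAX_LOOKUPS = 10


def parse_spf(record: str) -> list[str]:
    """Split an SPF TXT record into its terms after checking the version tag."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    return terms[1:]


def authorizes_include(record: str, include_domain: str) -> bool:
    """True if the record delegates to include_domain (any qualifier accepted)."""
    for term in parse_spf(record):
        m = re.fullmatch(r"[+\-~?]?include:(.+)", term, re.IGNORECASE)
        if m and m.group(1).lower() == include_domain.lower():
            return True
    return False


def count_lookups(record: str) -> int:
    """Count top-level terms that trigger a DNS lookup.

    Nested includes are not expanded because this example runs offline; a real
    check would recurse into each included record and add its terms too.
    """
    n = 0
    for term in parse_spf(record):
        # Strip qualifier, then isolate the mechanism/modifier name.
        name = re.sub(r"^[+\-~?]", "", term)
        name = re.split(r"[:=/]", name, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            n += 1
    return n


def final_policy(record: str) -> str:
    """Return the catch-all term ('-all', '~all', '?all', '+all') or 'none'."""
    for term in parse_spf(record):
        if term.lower().lstrip("+-~?") == "all":
            return term.lower() if term[0] in "+-~?" else "+all"
    return "none"


def check_simulator_authorized(record: str, include_domain: str) -> dict:
    """Summarize whether the record is ready for a simulation sending as the domain."""
    lookups = count_lookups(record)
    return {
        "include_present": authorizes_include(record, include_domain),
        "lookups": lookups,
        "within_lookup_limit": lookups <= MAX_LOOKUPS,
        "policy": final_policy(record),
    }


if __name__ == "__main__":
    vendor = "simulator.example-vendor.invalid"
    for label, rec in (("before", SPF_BEFORE), ("after", SPF_AFTER)):
        print(label, check_simulator_authorized(rec, vendor))
```

Keeping `-all` as the final policy after the change is the point worth checking: the simulation should pass SPF because the platform is explicitly included, not because the domain's policy was loosened to `~all` or `?all`, which would also make genuine spoofing of the corporate domain easier to deliver.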
To find out more about SafeTitan's customizable phishing awareness solutions, do not hesitate to get in touch to discuss your requirements with one of our security experts. Alternatively, you are invited to book a demo of SafeTitan in action to see how SafeTitan security awareness training can help protect your users and your organization from email-borne threats.