• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Business   »   Arm your users with knowledge to spot phishing attacks – for free!

Arm your users with knowledge to spot phishing attacks – for free!

  • Posted on:April 17, 2018
  • Posted in:Business, Security
  • Posted by:
    Chris Taylor
0

Attendees to the Black Hat 2017 security conference said their No. 1 security concern and most time-consuming activity was phishing and social engineering attacks. That’s no surprise with the increase in Business Email Compromise (BEC) attacks and with most ransomware being delivered by email.

But Black Hat Attendees also said the weakest link in their security strategy was end users who are susceptible to phishing and social engineering.

[source: https://www.blackhat.com/docs/us-17/2017-Black-Hat-Attendee-Survey.pdf]

That’s why we’ve introduced a new free service, Phish Insight. With it, businesses of all sizes will finally be able to generate exactly the information they need to craft more effective security awareness and training programs. Best of all, it is completely free!

The top threat vector

Email is still the biggest threat vector impacting organizations today. Trend Micro’s Smart Protection Network blocked more than 66.4 billion threats in 2017 and over 85 percent of these were emails containing malicious content. Phishing is among the most common tactics used by cybercriminals. Employing social engineering tactics, they typically aim to trick the user into clicking on a malicious link or opening a malware-laden attachment. This in turn could lead to a ransomware download or even be the first stage in a more covert info-stealing operation designed to lift customer data or highly sensitive intellectual property.

In 2017, 94 percent of all ransomware blocked by Trend Micro was distributed via email. What’s more, the latest stats from Verizon claim that phishing represented 93 percent of all data breaches recorded in 2017. BEC is another rising threat to the organization which relies on tricking the end user, this time into making corporate wire transfers to the hacker, who is impersonating the CEO or other senior executives. Trend Micro predicts such scams will lead to cumulative losses in excess of $9 billion this year.

On the frontline

As social engineering and phishing tactics play an ever greater role in cyber-attacks, the stakes will only increase. The share price of one aerospace company is said to have fallen 38 percent after it was hit by a BEC attack which resulted in losses of over €50m ($62m). So what’s the answer? Clearly we need to get better at strengthening our weakest link in the cybersecurity chain: our employees.

Unfortunately, unlike technology, staff can’t be patched. But with the right kind of education programs they can be taught how to spot email scams. According to Verizon, 4 percent of targets in any given phishing campaign will click on it. That may not sound like much. But it only takes one misplaced click to potentially land your organization in trouble.

Introducing Phish Insight

We know that awareness and education programs are an important complement to cybersecurity tools and technologies. But how do you go about crafting an effective program? This is where insight into user behavior becomes crucial.

Phish Insight allows you to quickly and easily generate that insight — completely free of charge. Organizations of all sizes can get started: all they need is one administrator and a few minutes to create a phishing campaign. They can select recipients choose a template according to behavior or topic for phishing, and even customize the phishing exercise by subject, graphics, language and so on. Admins can also set the duration of the awareness “campaign.”

Once the campaign is underway, insight will be fed back via detailed stats in the Monitoring Center. IT Teams can see who has been caught at an employee level and can also identify if certain departments or regions are more at risk than others. It’s this information that they can then use to improve training programs. How they do this is up to the customer, but next steps could include issuing an automatic email alert if they are successfully phished, and/or routing them to online training on phishing awareness. The premium version is free upon request and also includes an Outlook plugin which adds a button for users to alert their security team of suspicious emails.

“We count on Trend Micro as a security partner, with that comes the expectation that they will deliver the latest methods to detect, assess and react to threats,” said Niall O’Beaglaoi Business Development Manager with Smarttech, “Their newest tool, Phish Insight, has provided invaluable information on how users perceive and interact with phishing emails.”

For 30 years Trend Micro has been working to make the world safer to exchange digital information. We’re making this service available free of charge because there’s a real opportunity here to radically improve baseline security for countless organizations. Humans are creatures of habit, and If you can persuade them to adopt good practices then you’ll be taking a massive step on the road to a more proactive cybersecurity posture. That all begins with better insight: with Phish Insight.

Related posts:

  1. Phishing, Part 1: On the Lookout
  2. Phishing: A Main Concern for Enterprise Security
  3. This Week in Security News: Phishing Attacks and Ransomware
  4. Knowledge is Power: The societal and business impact of big data

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.