5 businesses that protect employees by teaching them ‘how not to get phished’. As the Cyber Industry is flourishing, we track the Innovators.
“95% of cyber attacks start with an employee being tricked” says hook, one of many businesses attempting to make it big in the “Cyber Education / Security Awareness” space. And they’re right, of course: whilst Advanced Cyber Security Technologies can protect Networks, Apps and Cloud Systems, the weakest link, as it’s known, is us human beings.
Phishing, or rather how to spot, report and, importantly, not click on a phishing email, is already part and parcel of most Enterprises’ Security Awareness Training, but as phishing is big business, so too is preventing it. Phishing has evolved from the ‘email that looks real’ to involve a greater set of tactics, techniques and procedures (TTPs). Phishing is no longer limited to email, but includes any messaging on any device, and includes social. Indeed, today it is as much about advanced Social Engineering as it is about spotting a spoof email from your bank.
A new category of service is emerging to help businesses protect against inadvertent employee error / action (as a threat vector). Many businesses are focussing on the phishing problem, delivering phishing awareness (and also protection) to the Enterprise, to the mid market, and some to SMEs.
PhishMe comprises 4 key areas: Recognise, Report, Respond and Research. “PhishMe believes employees – humans – should be empowered as part of the solution to help strengthen defences and gather real-time attack intelligence to stop attacks in progress.” We caught up with PhishMe at InfoSec this week. With an impressive presence at the show, they are aimed at mid to large businesses and are already working with many.
phishd was also at InfoSec this week; they had a huge stand at the show, which might seem odd for a relatively simple Information Security proposition, until you learn they are part of MWR. phishd offers a full suite of services to tackle the problem within the Enterprise, from simulated attacks, to employee threat intelligence, to security awareness workshops, to password auditing.
Wombat offers a comprehensive SaaS-based model of “reconfigured or customized attack campaigns and Teachable Moments in more than 25 languages.”
PhishingBox aims to make testing employees easy. “With PhishingBox, any company can evaluate the human element of security. PhishingBox makes social engineering testing simple.” PhishingBox is pitching its ease of set-up and use, and it integrates with other Learning Management Systems so a business can build Phishing Training into other Security or Corporate Training systems. It offers a free test and easy-to-buy SaaS products; a Single Company Plan starts at $66 per month.
hook (a startup in the space backed by BAE, Cylon and rise) is perhaps the simplest concept, and certainly has appealingly low-cost entry-level pricing (£3 per person tested). Hooks (tests) are updated based on the latest Cyber Attacks, so hook is great for continual testing, given that Cyber Attacks evolve rapidly.
It’s likely the market will evolve quickly and we’ll see phishing awareness bundled with other security awareness propositions for employees, with advanced services securing both ends of the problem - empowering the employee and also investigating the attack.
There’s a phishing awareness and protection offering to suit all businesses, with the more advanced offerings hooking nicely into SOCs and SIEMs, and able to contribute to new Threat Intelligence. For a business of scale, with many employees, especially those who have valuable data and whose employees might be soft ‘targets’ for hackers, Phishing awareness training seems like a no-brainer.