The PhishLabs Blog

Jenny Dowd

Recent Posts

Security Awareness Training: A Recipe for Success

Posted by Jenny Dowd on Jan 4, '17

In recent months we’ve written a lot about security awareness and employee defense training. It’s an involved topic, clearly, and if you’ve taken away anything we hope it will be this:

If you want real, measurable improvements you must test your employees. And when it comes to email security, that means phishing your employees on a regular basis.

In this post, we’ll take a deep dive into a managed employee defense training program, and examine the ins and outs of effective security awareness training. From planning to post-game analysis, here are the best practices for managing your program.

 


Topics: EDT

How to Calculate ROI for Security Awareness Training

Posted by Jenny Dowd on Nov 22, '16

Frustrating, isn’t it?

You put all that effort into designing a security awareness training program… 

But is it helping keep your organization safe? Or is it just satisfying your compliance requirements?

The truth is you have no idea. After all, how can you measure return on investment (ROI) for something intangible like security awareness training?


Topics: Phishing, Spear Phishing, security awareness training

How and Why You Should Calculate Your Organization's Cost of Phishing

Posted by Jenny Dowd on Nov 15, '16

Everybody knows phishing is costly to their organization. 

But how costly? Few organizations know for sure.

Plenty of studies have claimed to calculate the cost of phishing, but the results are usually hard to swallow. For instance, does phishing cost your organization $1.6 million per incident? Or $3.7 million per year?

Perhaps... but probably not.

The issue with these figures is that they're averages, heavily skewed by data from huge organizations. The results may be interesting, but they're of little use to most organizations.


Topics: Phishing, Spear Phishing, security awareness training, cost of phishing

Why Your Security Awareness Training Isn't up to Par (And What to Do About It)

Posted by Jenny Dowd on Nov 10, '16

Most security awareness training is boring, infrequent, and ineffective. And the worst part is… everybody knows it.

But why? How did we get to this point? And who does all this sub-par security awareness training benefit?

To answer these questions we’ll need to examine one of the main drivers: Compliance.


Topics: Phishing, Spear Phishing, security awareness training

Do We Overlook the Best Line of Defense Against Cyber Attacks?

Posted by Jenny Dowd on Oct 25, '16

Cyber Security Awareness Month presents us with the opportunity to catch up on security trends, gauge our security posture, and assess what gaps and exposure may exist.  Do we have blind spots? Or are we overlooking assets readily available to us?

We all know spam filters do not catch 100% of spam, and 1.5% of spam contains malicious links. So when you have one in five employees clicking on phishing emails, you are at risk.  This is not news, right? We all know there is no magic bullet for cyber security, and the best that we can hope for is a strong defense.

When planning the best defense, we often overlook that the best defensive line is right in front of our faces – our employees.  We often think of them as our liability because no matter how many technology controls we put in place, we know statistically that 1 in 5 of them is going to click on a phish.  This week's #CyberAware focus will highlight how, with proper training – and we’ll talk about what ‘proper’ is – you can condition your employees to not just avoid falling for phishing emails, but to actively report phishing attacks to your security team. You can make your employees part of your defense.


Topics: security awareness training, Cyber Security Awareness Month

So You've Been Infected with Ransomware...

Posted by Jenny Dowd on Aug 18, '16

That awful moment…

You’re working away, getting tasks ticked off left and right… 

And then it happens. A terrible sinking feeling grips your stomach, and you know immediately what’s happened.

You’ve been infected with ransomware. The screen in front of you is filled with demands about Bitcoins, Tor, and encryption keys.

So what now?

You’ll have to tell your boss, of course. But once that’s done, there are some important tasks for you to complete.


Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing

How to Defend Against Ransomware: The Three Stages

Posted by Jenny Dowd on Aug 9, '16

So far in this series we’ve covered the anatomy of a typical ransomware attack, and looked at some of the most common ransomware families.

And that’s useful information to have, but it doesn’t answer the important question: 

How do I keep my organization safe?

So in this article we’ll go through some of the security measures you can take to minimize the likelihood of falling prey to a ransomware attack.

The most important thing to realize is that there’s no magic bullet. There’s no single approach, product, or vendor that can guarantee your complete safety from ransomware… or any other form of cyber attack, for that matter. (If you hear one tell you that, run away fast!)

Instead, there are three stages of defending against ransomware that you and your partners can use to make a ransomware infection far less likely.


Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing

A Spotter's Guide to Ransomware

Posted by Jenny Dowd on Aug 3, '16

Ransomware is becoming an epidemic. 

From schools and hospitals to police departments, pharmaceutical companies, and even private citizens, it seems like nobody is safe.

And, of course, they aren’t.

So with that being the case, let’s take a look at the different types of ransomware, the most prominent families of 2016, and what’s driving so many threat actors to use this particular style of cybercrime.


Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing, Bitcoin

The Anatomy of a Successful Ransomware Attack

Posted by Jenny Dowd on Jul 27, '16

 

You gasp.

Your head hangs, and your heart races. The instant you clicked, you knew something was wrong.

That email seemed so official, and all you did was follow a link… How did THIS happen?

But it’s too late for that now. What’s done is done.

You’ve been infected with ransomware, and now you’ll have to admit it to your boss.

Some difficult questions will be coming your way soon, but before we get to that…


Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing, Bitcoin

Five Strategies to Motivate Your Employees to Behave Securely

Posted by Jenny Dowd on Jul 19, '16

Your people are not computers – you can’t program them to avoid 100% of phishing attacks any more than you can program them to eat healthy 100% of the time. That’s the bad news. And it’s not really news to you, is it?

But I’ve also got some good news: people can change their behavior. Which, when done effectively, can be even more effective than programming.


Topics: T2, Employee Defense Training, security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
