If your security awareness training provider offers personal banking phishing templates, then it’s a good idea to re-think your provider. Why? Because phishers aren’t sending fraudulent banking alerts to corporate accounts. Besides, who links their bank account to their work email anyway? Phishers continue to up their game, moving away from sloppy phishing emails ripe with spelling mistakes and other recognizable signs to sending craftier, what we’ll call, “lite” spear phish.
Security education programs are sometimes mandated, always important, and often difficult to justify the investment. It is easy to get the powers that be to sign off on a once-per-year security awareness training program that will satisfy compliance requirements, but we all know by now that compliance does not equal security.
The Information Security Forum (ISF) has defined information security awareness as an ongoing process of learning that is meaningful to recipients, and delivers measurable benefits to the organization from lasting behavioral change.
So to achieve this, a bigger investment, in both time and money, is needed to implement a continuous security awareness training program that is effective at changing employee behavior – one that includes ongoing simulation training. More money, more time invested, and a goal to change employee behavior means more stakeholder approval will be required.
Today we announced a new solution that I believe will transform how organizations counter spear phishing attacks. We call it T2 Spear Phishing Protection, and it takes advantage of our deep insight into phishing attacks to prepare organizations for the real-world attacks they're most likely to be targeted with, and then mitigate those attacks before damage is done. To do this, it enlists employees in the defensive network and uses our 24/7 SOC to analyze and respond to threats.