The PhishLabs Blog

Why Security Awareness Training – Alone – Doesn’t Solve the Spear Phishing Problem

Posted by Jon Hilfiger on Jul 14, '16

Every CISO, in every industry, is aware that spear phishing can be a problem – a big one – despite millions of dollars invested in (necessary) layers of technology defenses. In May 2016, CSO Online reported ANOTHER three firms were hit by targeted phishing attacks – attacks that stole employees’ W2 data. I guarantee all of these firms had security devices in place on their networks. These attacks were a form of social engineering that bypasses traditional security technologies, and much can be done to help enlist employees to be part of any company’s overall defense. Many CISOs have done just that - taken steps to ensure their employees are aware and work to reduce the likelihood of opening a malicious email. But this still isn’t solving the spear phishing problem. Companies have been conducting varying degrees of security awareness training for years. But the attacks are still happening and they are successful in spite of the training. So, what is a well-intentioned CISO to do? Give up? Train more? Find a better training approach?

Topics: Threat Intelligence, Spear Phishing Protection, T2, Employee Defense Training

When It Comes To Security Awareness – Do You Want A Doctor Or A Personal Trainer?

Posted by Jenny Dowd on May 26, '16

Ahh, employees. They’re your greatest asset and your weakest link.

After all, it takes just one employee to click on a malicious link in a phishing email that leads to a data breach, compromising your entire organization. No matter how great your training is, the human vulnerability can still be exploited by a crafty phishing email.

And apparently, there’s more than just one employee with risky behavior: the proportion of infections that result from user behaviors is between 70 and 95 percent.

But … why?

Topics: T2, security awareness training, EDT

What Makes a Good Simulated Phish?

Posted by Stephanie Fauvelle on Mar 31, '16


If your security awareness training provider offers personal banking phishing templates, then it’s a good idea to re-think your provider. Why? Because phishers aren’t sending fraudulent banking alerts to corporate accounts. Besides, who links their bank account to their work email anyway? Phishers continue to up their game, moving away from sloppy phishing emails rife with spelling mistakes and other recognizable signs to sending craftier, what we’ll call “lite” spear phish.

Topics: T2, Phishing Simulation, Employee Defense Training, EDT

Building a Business Case for Effective Security Awareness Training

Posted by Jenny Dowd on Mar 18, '16

Security education programs are sometimes mandated, always important, and often a difficult investment to justify. It is easy to get the powers that be to sign off on a once-per-year security awareness training program that will satisfy compliance requirements, but we all know by now that compliance does not equal security.

The Information Security Forum (ISF) has defined information security awareness as an ongoing process of learning that is meaningful to recipients, and delivers measurable benefits to the organization from lasting behavioral change.

So to achieve this, a bigger investment, in both time and money, is needed to implement a continuous security awareness training program that is effective at changing employee behavior – one that includes ongoing simulation training. More money, more time invested, and a goal to change employee behavior means more stakeholder approval will be required.

Topics: Awareness Training, T2, Phishing Simulation, Employee Defense Training

5 Tips for Evaluating Phishing Simulation Solutions

Posted by Jenny Dowd on Feb 17, '16

Setting up an effective security awareness training program

There are plenty of articles out there touting the ineffectiveness of security awareness training. I do not disagree, because a lot of solutions out there enable you to ‘check the box’ on your compliance requirement for employee training, but they do little to condition your employees not to fall victim to spear phishing attacks. We recently published a blog post on why the right kind of security awareness training is effective – and crucial.

Once-a-year compliance training for information security will not motivate your employees to change their behaviors, nor will it lead to meaningful long-term retention of the lessons. A program based on current, real-world attack data, with ongoing simulation training, will yield greater results by reducing your employees’ susceptibility to phishing attacks and conditioning them to report potential threats.

Topics: T2, Employee Defense Training, security awareness training

Is Security Awareness Training a waste of your money?

Posted by Stephanie Fauvelle on Feb 9, '16

With all of the companies out there offering their latest and greatest security awareness training products, it’s worth asking, is this a waste of my company’s money? Jerry Bell and Andrew Kalat, from the Defensive Security Podcast, argue that expecting your employees to be your first line of defense is “completely BS.” They believe that implementing a security awareness training program that includes simulated phishing tests gives a false sense of hope and ultimately, isn’t worth the money. What does the evidence say? 

Topics: Phishing, Spear Phishing Protection, T2, Employee Defense Training, security awareness training

Employees are going to get phished. Why even bother with awareness training?

Posted by Stacy Shelley on Feb 4, '16

Recently, I had a call with a rather prominent analyst in the cyber security community. We were having a pretty good conversation about security awareness training, focusing on the T2 Employee Defense Training service we launched this week. As the conversation was wrapping up, he said, “You know, I’ve always believed that trying to train employees for phishing emails was pointless. No matter how good the training is, someone is still going to fall for an attack. So why even bother?”

Topics: Awareness Training, T2, Employee Defense Training, security awareness training

The first spear phishing protection solution driven by real-world intelligence

Posted by John LaCour on Feb 2, '16

Today we announced a new solution that I believe will transform how organizations counter spear phishing attacks. We call it T2 Spear Phishing Protection, and it takes advantage of our deep insight into phishing attacks to prepare organizations for the real-world attacks they're most likely to be targeted with, and then mitigate those attacks before damage is done. To do this, it enlists employees in the defensive network and uses our 24/7 SOC to analyze and respond to threats.  

Topics: Spear Phishing, Awareness Training, T2, Phishing Simulation


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
