There are many companies offering a phishing testing capability be it a SAAS solution, SAAS offering white labelled testing and supplied by a small third party supplier or a customised service.
Our approach is to use a targeted phishing campaign approach as it most closely simulates the actions taken by an attacker. The stages include reconnaissance, tailoring of emails to target specific employees and the use of custom domains.
Our approach is to use a targeted phishing campaign approach as it most closely simulates the actions taken by an attacker.
As well as mimicking real attacks closely this approach ensures that quality is maintained; we’ve seen some automated services reducing the quality of follow-up campaigns to ensure that the value of testing is shown.
Which brings us to the subject of regular testing. A phishing test is clearly a point in time measure which gives a view on current susceptibility. As such follow-up testing is necessary to measure the effectiveness of any intervening attempts to improve on how staff deal with phishing attempts.
We are proud to partner with 7 Elements – SME Cyber Defender of the Year for Phishing Testing to deliver high-quality testing coupled with innovative experiences and learning.
If you enjoyed this post please come back regularly for further updates including upcoming information of security awareness events across Scotland and further afield. @adv_engage