Simulated Phishing and Cyber Security Awareness Training

Phishing and Cyber Security Awareness Training

Cyber Security is Everyone's Responsibility

One of the most common causes of information security incidents is social engineering, where a malicious actor directly targets the human element of cyber security. These attacks can result in anything from ransomware or other malware being deployed, to business email compromise, all the way through to data breaches.

Simulated phishing services complement internally or externally held cyber security awareness training by providing real-world practical scenarios to cement learning and foster a security-first culture. Phishing as a service provides clients with up-to-date techniques utilised by real attackers, as well as visibility into performance and result metrics.

Simulated Phishing

Our Phishing as a Service utilises real-world phishing tactics to test your organisation and staff against business email compromise.

Using practical testing exercises helps to increase the resilience and awareness of your staff, resulting in better protection of your organisation as they learn to recognise phishing emails over time.

This service provides reporting per campaign, with multiple options of date, time, and email templates available.

Cyber Security Awareness Training

This awareness component, delivered by information security experts, trains staff to recognise phishing attempts and follow best practice when it comes to information security, and educates them on the importance of good security practices. Understanding what can happen from clicking on a malicious email, from ransomware to business email compromise, is an important part of motivating staff to keep security front of mind.

Simulated Phishing

Real-world adversaries heavily exploit staff through social engineering attacks or by masquerading as legitimate organisations in a phishing attack, most often via email, though increasingly through SMS. Staff who interact with these malicious emails may unknowingly expose the organisation to a business email compromise (BEC), giving adversaries sensitive information, or access to internal networks through delivery of malware.

How does simulated phishing help reduce business risk?

Staff are a key first line of defence against social engineering attacks such as phishing; the ability to spot a phishing attempt and take appropriate action to report the email is critical to preventing business email compromise or reducing the impact of ransomware or other malware.

As attackers continue to improve their delivery methods and the complexity of their attacks, phishing attempts can become difficult to spot, which is why it can be necessary to have an information security specialist conduct the simulations using up-to-date techniques.

What should I expect from a phishing campaign?

At Security Centric, we keep a close eye on advancing phishing methods, topics (such as subject lines and message content), and masqueraded organisations to consistently build up-to-date simulated phishing campaigns. By delivering these simulated emails to your staff in a safe environment, we can help build the skills needed to safely spot and action phishing attempts, without fear of putting the business at risk. Staff can then reinforce their practical skills with security awareness training, so that they can not only identify a phishing attempt but also understand the organisational impact and risk, and why phishing attempts should be prevented.

How often should we run simulated phishing activities?

A recent study conducted by academics from several German universities tested the effectiveness of phishing training over time. The researchers determined that employees lost their ability to detect phishing emails six months after their initial training.

Given the ongoing remote working due to the pandemic, combined with the ever-changing types of phishing and scam emails, regularly re-training staff on security policies around email and how to detect phishing can help organisations to fend off attacks.

Awareness Training

For organisations that have specific information security compliance requirements, Security Centric’s online training provides a convenient and cost-effective way to achieve the necessary general user training. Training is available for ISO27001, ISM, PCI-DSS and other security standards and can optionally be hosted in a face-to-face format by Security Centric's subject matter experts.

Why do organisations need cyber security awareness training?

The importance of security awareness training cannot be overstated. We all learn best when utilising a multi-modal approach; through simulated phishing campaigns, staff build practical and physical skills to identify and report phishing attempts in a safe environment, while online or face-to-face security awareness training provides the theoretical ‘why’.

Online training options

While organisations understand the importance of security awareness training, taking staff away from their main job for a course can be challenging. Security Centric offers online security awareness training that covers all core aspects of information security delivered as a series of learning modules, each approximately 2 minutes in length. This gives organisations the option to have staff complete the course at their own pace, or in their own time as appropriate.

For more information on the online cybersecurity awareness program, please contact us.

Face-to-face training options

Security Centric also offers longer-form face-to-face training, providing opportunities for a high level of interaction where students can ask questions or seek additional information about the topics covered. Security Centric provides a set of course notes, ensuring that students can focus on the material and gain the greatest and longest-lasting benefit from the course.

Get in Touch

Learn how to test, train, and protect the staff at your organisation against cyber threats.