Sophos Phish Threat Trains End Users to Spot Ransomware Tries
Low security awareness among customer staff can cost them, and partners, big bucks.
January 25, 2017
**Editor’s Note: Click here for our recently compiled list of new products and services.**
Ransomware, often delivered via phishing attacks, is security enemy No. 1 and a top threat facing customers in 2017. Payouts are up – $1 billion last year, says the FBI – and tolerance is down for end users lacking in basic security hygiene. It’s against that backdrop that Sophos released on Wednesday its Phish Threat training service and phishing attack simulator. The system integrates with the Sophos Central security management platform, and automated campaign analysis means it can be updated continuously to reflect changes in attacker behavior.
Karl Bickmore, CEO and founder of Snap Tech IT, says the system is good for both customers and his business.
For customers, Bickmore cites wire transfer schemes that are remarkably realistic and can end with tens of thousands of dollars in losses.{ad}
“That’s a problem for them and it’s a problem for us,” he says. “We have to stop work and do emergency remediation, and the customer has to deal with significant risk.”
Snap Tech is a Sophos partner with 55 employees that focuses mainly on small and midsize clients. It delivers full end-to-end outsourced IT, with many financial services customers. Bickmore points out that, in a fixed-cost MSP business model, time is money, and full remediation of a successful attack can take weeks or months.
“Anybody who isn’t getting in front of security threats in their client base is going to fall behind soon,” he said. “This is our clients’ greatest fear, and it’s what causes us the most work. This product couldn’t come along at a better time.”
With Phish Threat, a partner can send realistic phishing emails direct into an end user’s inbox, regardless of mail client. A key point is that end users don’t know they’re in training mode.
“It’s real-world testing,” says Bickmore. “They don’t know this is coming. You’re sending very realistic-looking emails, like a fake Amazon confirmation or a FedEx shipping notification.”
The emails include …
{vpipagebreak}
… hints that they’re not legit, such as slight spelling errors or URLs that don’t go where they’re supposed to.
“As soon as they either click it or don’t click it, we have a dashboard that tells us what’s going on,” he says. “We can go back to the client and talk about what users didn’t notice but should have.”
While he’s only rolled the product out in a limited prerelease version, Bickmore says awareness is already being raised.
Sophos acquired the Phish Threat technology late last year from Silent Break Security, a penetration test and risk assessment consultancy. Silent Break CEO Brady Bloxham said his firm built Phish Threat to replicate the mindset of a real attacker, using the methods and techniques in use today. Phish Threat is delivered as a service, and Sophos says it will evolve as threats change, with regularly updated templates reflecting current attacker methodologies.
“For years, criminals have disguised attacks in email,” said Bill Lucchini, SVP and general manager for the Sophos Cloud Security Group. “SophosLabs sees phishing emails as a primary delivery method for ransomware payloads.”
That’s because attackers, often rightly, see end-user behavior as the weakest link in a company’s defenses.
Bickmore says a major selling point for his firm is being able to administer the product through the Sophos Central management platform, which also centralizes management of products including the next-generation XG Firewall, Sophos Endpoint Security, Sophos Intercept X, Sophos Email Security, Sophos Server Protection and Sophos SafeGuard Encryption.
“It has a very nice managed-service focus,” he said. “I don’t think anyone else has anything close.”
Follow editor in chief @LornaGarey on Twitter.
Read more about:
AgentsAbout the Author
You May Also Like