PRESENTED BY Ray Dalgarno Empowering the Human Element within the Security Eco-system
Agenda
  Phishing General Background
  Why Phish5
  Phish5 Service - Features & Functionalities
  Q&A
  Live demonstration (post presentations)
Phishing & Spear Phishing
  Phishing refers to emails utilising a shotgun, indiscriminate approach, designed to trick recipients into opening attachments which have malicious code embedded, submitting credentials or visiting a website which hosts malicious code.
  Spear Phishing has similar aims to Phishing but takes an increasingly sophisticated & targeted form that, to the recipient, appears to come from a legitimate, trusted source.
No-one is Safe
  USA - White House systems
  USA retailers - Target, Home Depot
  Sony Pictures
  NATO Conference Wales (October 2014)
  Chartered Institute for Securities and Investment
UK Cyber Security
  90% of large businesses & 74% of smaller ones surveyed suffered a cyber security attack in 2014
  The average cost of a breach to business has increased dramatically since 2014:
    75k - 311k: cost to SMB organisations
    1.46m - 3.14m: cost to larger organisations
  PWC - Information Security Breaches Survey 2015
Distribution of Spear-Phishing Attacks
  Small & Medium Businesses (1-250 Employees): 34% in 2014, 30% in 2013
  Large Enterprises (2,500+ Employees): 41% in 2014, 39% in 2013
  Symantec Internet Security Threat Report Vol 20 - 2015
Growing International Exposure
  +/-100 International Banks (est. losses to-date 650M)
  Inga Beale, CEO Lloyds of London
  UK companies lose up to 268 million per year; the situation is only worsening (CMI online, 07 April 2015)
  New data protection laws being finalised in the EU: general data breach notification obligation (European Data Protection Supervisor, Giovanni Buttarelli, April 2015)
  Only 14% of breaches publicly declared, however (PWC Survey)
Verizon Global Breach Statistics
  70 contributing organisations; CERT UK, CERT EU, US Secret Service, A.F.P
  61 countries represented; U.K, U.S.A, Japan
  70% of attacks included a secondary victim
  Hackers gain access to a secure environment via a less secure environment
Phishing Breach Acceleration
  82 seconds from start of phishing attack to first bite
  90% chance or greater that at least 1 person will become the phishing criminals' prey
  Verizon Breach Report 2015
Aberdeen Group Report
  Want to significantly reduce your organisation's IT security-related risks? - Change the behaviour of your end-users
  Before-and-after click rates show that investment in user awareness and training reduces infections (breaches) from user behaviour by 45% to 70%
  www.aberdeen.com: The last mile in IT security - Changing User Behaviours, Oct 2014
Vulnerabilities Growth Rate
  National Institute of Standards and Technology, US Dept of Commerce, Feb 2015
Cyber-Security Environment
  9 Threat Platforms listed; from the Internet of Things to BOTS, 4 of these 9 platforms identified for phishing attacks
  3 Security Effect levels; Harden Defences, Enhance Detection, Reduce Impact
  Use simulated attacks to improve readiness: Conduct regular internal and external penetration tests that mimic an attack
  20 Priorities; From Inventory of Authorised and Unauthorised devices to Penetration Testing
  The Council on Cybersecurity - 20 Critical Security Controls http://www.counciloncybersecurity.org
Why Phish5
  On demand scalability in a highly secure, cloud service
  Developed by a dedicated team led by respected international cyber-security consultants
  Ease-of-use by non-technical people
  Campaigns executed by customer or business partner
Why Phish5
  Rapid phishing attack simulation = Pro-Active
  Immediate management awareness leads to training & other remedial action
  Enhances existing security immediately
  Global customers' experiences in both the public and private sectors
  Highly competitive pricing - Great value for money
Phish5 Features
  MS Office Macro based campaigns: Know which users open attached Office documents & enabled macros
  Campaign Scheduling: One or many campaigns in staggered launches; schedule campaigns launching to the second
  Mx Over-ride: Bypass message filtering provider such as Mimecast & Messagelabs
Phish5 Features cont.
  PDF reporting: Flexible PDF reporting at the click of a button having the ability to fine-grain reports
  User management: Easily tag and target groups of users e.g. HR, Sales, Legal, Management, Divisions, Branches, Regions
  Anonymous Campaigns: Know the number of users that were caught, with all of the supporting campaign info, without identifying individual users
Phish5 Features cont.
  Template options:
    HTTPS-based phishing sites
    DKIM backed sender domains
    Different lures for different user groups
  Staggered Delivery: Avoid alerting through every office phone beeping at once
  Browser and plug-in vulnerabilities: Interrogates the status of each client-side machine attacked and reports by vendor/product and release
Phish5 Example Pie Charts Vulnerable browser distribution Vulnerable plug-in distribution
Activity Monitoring & Reporting
  Real-time Dashboard
  Summary and Detail reporting
  Statistical graphs and charts
  10 users - opened attachments
  50 users - provided credentials
  49 users - vulnerable to browser or plugins issues
  7 users - been previously phished
Activity Monitoring & Reporting
Unique / In House
  Code build; development & on-going maintenance costs, people dependency
  Skilled knowledge typically required for changing attack profiles
  Attack execution needs skilled staff availability
Phish5 Package
  Phish5 research and development costs spread over multiple users globally, cross-industry experiences
  Industry recognised templates with easily customisable lures or messages
  Immediate availability - you execute when you wish, as often as you wish
  Quantifiable campaign measurements with comprehensive reporting
Free Assessment
  To all participants in today's Kingston Smith Cyber Event
  We are pleased to offer a free, 50 email user account
  From a single 50 email anonymous baseline campaign to a number of smaller campaigns - your choice
  Test the Phish5 range of options - your choice
  Register interest at https://phish5.com/enquiries
  Insert the words "KS Cyber Event" in the Message block
Empowering the Human Element within the Security Eco-system
  Ray Dalgarno
  ray@phish5.com
  https://phish5.com
  Thank you.