[June 14, 2011]

PhishMe Held Private Event to Help Companies Address Growing Spear Phishing Concerns

PhishMe, a leading provider of anti-phishing training, hosted a private event for its customers last month to discuss current security concerns and best practices to combat these constantly evolving threats. The daylong event allowed security professionals in financial services, technology and telecommunications sectors, along with defense contractors to share insights on trends, challenges and solutions to protect networks from successful spear phishing attacks.

"We in information security are all basically technology people, but the core vulnerability that spear phishing exploits is human nature - it can't be solved with technology alone," said Jeremy Brandt-Young, Head of Information Security, Natixis North America. "This event provided a great opportunity to take a hard look at the problem, combine our widely varied experiences, and come away with some new insights on combining human and technical techniques for dealing with this threat."

While traditional phishing attacks are a main concern, attendees reported that attachment-based phishing attacks had significantly increased. To help address the success rates of various spear phishing schemes, PhishMe outlined the use of regular mock phishing attacks to increase employee awareness of suspicious email. By executing corporate sanctioned mock phishing exercises, employees are not only able to identify fraudulent emails, they are now in the position to report them to the proper authorites - further increasing the IT department's ability to take secondary measures to mitigate potential threats. This includes alerting the organization about an attack, blocking phishing URLs on the firewall, or quarantining the suspicious emails.

"Hackers are finding success with spear-phishing attacks, despite the technical defenses that are available," said Doug Hagen, Lead Developer for PhishMe. "In addition to technology, companies need to be proactive in educating their employees on what to look for to effectively reduce the risk of falling victim to increasingly targeted and sophisticated phishing attacks."

Another key issue raised by attendees during the event, was the growth of phishing attacks to include the exploitation of social media networks to seem more credible and increase the effectiveness of attacks. As the corporate world continues to adopt new social media methods, online criminals are becoming more and more privy to private information. "Without a dedicated effort to train and educate employees on what to look out for, the success of targeted spear phishing attacks will continue to lead the news headlines," added Aaron Higbee, CTO, PhishMe. "The simple reason these attacks continue to rise in volume is the fact that they are working."

For additional information on PhishMe's training and mock phishing exercises, or to inquire about a free trail, please visit: http://phishme.com/sign_up.php.

About PhishMe.com

PhishMe.com provides organizations the ability train their employees and customers about the risks of spear phishing with just a few simple clicks. With over one and a half million individuals trained since its launch in 2009, PhishMe provides a cost effective way to mitigate this challenge. The company has proven that its trainings can reduce the threat of employees and customers falling victim to phishing attacks by up to 80 percent.

PhishMe.com facilitates and automates the execution of mock phishing exercises against employees and customers, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted training. PhishMe.com works with Federal Agencies and Fortune 1000 companies across multiple vertical market sectors including financial services, healthcare, higher education and defense. For additional information, please visit: www.phishme.com.

[ Back To TMCnet.com's Homepage ]