Phishing Awareness Assessment
Attacks using fake e-mails present a serious risk to companies. In these so-called phishing attacks, attackers try to break into IT systems or obtain money by exploiting human error in the handling of e-mail. The techniques used are often very sophisticated and succeed in many cases. The resulting damage to a company can be enormous, depending on the attack scenario, and ranges from a complete outage of IT or production facilities to financial losses in the millions.
For a phishing attack to succeed, the mistake of a single employee is often enough. Alongside technical security controls, the awareness of employees is therefore one of the essential elements of protection against phishing. With the Phishing Awareness Assessment, we support you in measuring existing employee awareness and raising it through targeted awareness measures.
The Phishing Awareness Assessment can optionally be integrated into a comprehensive Social Engineering Assessment that covers additional social engineering attack vectors.
Assessment and improvement of employee awareness of real phishing attacks by simulating recurring phishing attempts, each followed by clarification and awareness raising
How effective are the existing awareness-raising measures against phishing attacks, and can they be improved through direct clarification after a successful attack attempt?
Personnel or employees
As part of a Phishing Awareness Assessment, existing employee awareness is measured through simulated phishing attacks. These can target all employees, only selected groups of people (spear phishing), or senior executives (whaling). Possible attack scenarios range from harvesting valid credentials and executing malicious attachments to triggering unauthorized business processes (e.g. making a bank transfer).
If an attack attempt succeeds, the affected employees are immediately confronted with their mistake in that specific situation. They receive concrete instructions or suggestions for adapting their own behaviour, which help them to recognize a similar attack in future or at least reduce the chance that such an attack succeeds.
By repeatedly running different attack variants, the effect of the awareness measures can be measured over the longer period of the assessment. You thus receive direct feedback on the improvement of employee awareness in your company.
The Phishing Awareness Assessment consists of the following parts:
- Workshop to agree on attack scenarios and objectives
- Gathering internal information to make the phishing attacks as authentic as possible
- Execution of one or more phishing attack variants
- Delivery of awareness measures immediately after each successful phishing attempt
- Evaluation of the results and, where appropriate, further iterations starting again from the third step (execution of the attacks)
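The attack execution, the immediate feedback page and the evaluation across iterations described above can be sketched as a small piece of campaign bookkeeping. The following is an added example and not code from the original page or from the assessment service it describes. It assumes a per-campaign secret, pseudonymous recipient IDs, two hypothetical attack variants (credential harvesting and a malicious attachment), hypothetical awareness hint texts and a constructed event log; each recipient is counted once per variant and iteration, a forged tracking token is rejected rather than counted, and a click on a credential lure is deliberately not counted as a compromise because only a submitted login is.

```python
"""Added example: bookkeeping for a phishing simulation campaign.
Unforgeable per-recipient tracking tokens, the awareness page shown after
a successful attempt, and success probability per variant and iteration.
All names, hint texts and events are constructed for this example."""
import hashlib
import hmac
from collections import defaultdict

# Hypothetical per-campaign secret: generated once per assessment and never
# put into a mail template, so nobody can mint a valid token for a colleague.
CAMPAIGN_KEY = b"constructed-example-key-do-not-reuse"

# Which logged event counts as "the attack succeeded" for each variant.
SUCCESS_EVENT = {"cred_harvest": "submitted", "attachment": "opened"}

# Hypothetical feedback shown immediately after a successful attempt.
AWARENESS_HINTS = {
    "cred_harvest": "The login page was not on a company domain. Check the "
                    "address bar before entering credentials.",
    "attachment": "The sender address did not match the display name. Do not "
                  "open or enable content in unsolicited documents.",
}


def _tag(recipient_id, variant, iteration, key):
    msg = f"{recipient_id}|{variant}|{iteration}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def make_token(recipient_id, variant, iteration, key=CAMPAIGN_KEY):
    """Token embedded in the lure URL. recipient_id is a dot-free pseudonym
    such as 'u017'; the HMAC tag makes the token unforgeable."""
    tag = _tag(recipient_id, variant, iteration, key)
    return f"{recipient_id}.{variant}.{iteration}.{tag}"


def parse_token(token, key=CAMPAIGN_KEY):
    """Return (recipient_id, variant, iteration), or None if malformed/forged."""
    try:
        rid, variant, it_s, tag = token.split(".")
        iteration = int(it_s)
    except ValueError:
        return None
    if not (tag.isascii() and hmac.compare_digest(tag, _tag(rid, variant, iteration, key))):
        return None
    return rid, variant, iteration


def landing_page(token, key=CAMPAIGN_KEY):
    """Page reached after a successful attempt: tells the employee it was a
    simulation and which indicator was missed. Forged or unknown tokens get
    a plain 404 so the page reveals nothing to outsiders."""
    parsed = parse_token(token, key)
    if parsed is None:
        return 404, "Not found"
    _, variant, _ = parsed
    hint = AWARENESS_HINTS.get(variant, "Be careful with unexpected e-mails.")
    return 200, f"This was a simulated phishing attack ({variant}). {hint}"


def evaluate(events, key=CAMPAIGN_KEY):
    """events: iterable of (event_type, token) logged by mailer and landing page.
    Returns ({(variant, iteration): {sent, success, rate}}, rejected_count).
    A recipient counts at most once per variant and iteration."""
    sent, hit, rejected = defaultdict(set), defaultdict(set), 0
    for kind, token in events:
        parsed = parse_token(token, key)
        if parsed is None:
            rejected += 1
            continue
        rid, variant, iteration = parsed
        if kind == "delivered":
            sent[(variant, iteration)].add(rid)
        elif kind == SUCCESS_EVENT.get(variant):
            hit[(variant, iteration)].add(rid)
    stats = {}
    for k, rids in sent.items():
        n, m = len(rids), len(hit[k] & rids)
        stats[k] = {"sent": n, "success": m, "rate": m / n}
    return stats, rejected


def awareness_trend(stats):
    """Success rate in the last iteration minus the first, per variant.
    Negative means fewer employees fell for it, i.e. awareness improved."""
    rates = defaultdict(dict)
    for (variant, iteration), s in stats.items():
        rates[variant][iteration] = s["rate"]
    return {v: r[max(r)] - r[min(r)] for v, r in rates.items()}


def sample_events():
    """Constructed log: five recipients, two variants, two iterations, one forgery."""
    staff = ["u01", "u02", "u03", "u04", "u05"]
    ev = [("delivered", make_token(r, v, it)) for it in (1, 2) for v in SUCCESS_EVENT for r in staff]
    ev += [("submitted", make_token("u01", "cred_harvest", 1)),
           ("submitted", make_token("u02", "cred_harvest", 1)),
           ("submitted", make_token("u03", "cred_harvest", 1)),
           ("clicked", make_token("u04", "cred_harvest", 1)),      # clicked only: no compromise
           ("opened", make_token("u02", "attachment", 1)),
           ("opened", make_token("u04", "attachment", 1)),
           ("submitted", make_token("u01", "cred_harvest", 2)),    # iteration 2, after feedback
           ("submitted", make_token("u01", "cred_harvest", 2)),    # repeat counts once
           ("opened", make_token("u04", "attachment", 2)),
           ("submitted", "u05.cred_harvest.2.0000000000000000")]   # forged tag: rejected
    return ev


if __name__ == "__main__":
    stats, rejected = evaluate(sample_events())
    for k in sorted(stats):
        print(k, stats[k])
    print("trend:", awareness_trend(stats), "rejected:", rejected)
```

The HMAC tag matters more than it looks: tracking URLs are visible to everyone who receives the lure, and without it a curious recipient could fabricate "clicks" for colleagues and distort the per-group results that the report is built on. Counting recipients as sets rather than events keeps the success probability honest when one person clicks several times.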
As a result, you receive a comprehensive final report with the following components:
- Management summary with a short overview of the results
- Description of the project process, objectives, scope and methodology
- Detailed description of the results, in particular:
  - Success probability of the different attack variants
  - Evolution of employee awareness over the course of the iterations
- Where necessary, a description of higher-level strategic, conceptual and process-related measures or optimization proposals