88
PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SPRING 2016
With its low cost of entry,
targeted email spear phishing
is one of the important
attack vectors on the rise for
our firm. Even though there
are technological solutions
to combat email phishing
attempts, any combination of
technology solutions probably
cannot weed out all well-
crafted email messages before
they reach our users.
Any information security program is only as good
as its weakest link, so it was imperative for us that a
well-designed information security awareness program
be designed, implemented and measured to mitigate
the risks around social engineering — including email
phishing.
Our Goal
Our program goal was to implement a technology
solution that will help our firm conduct simulated
phishing aacks on users to measure and improve the
effectiveness of our information security awareness
program. Specifically, we wanted to ensure it bolsters
our firm's "human firewall."
Our Requirements
We asked the following questions while reviewing
solutions:
» Ease of Use and Deployment: How fast can we
have the solution up and running? How easy is it
to deploy a campaign? Is it easy to navigate and
use? Is it hosted in-house or in the cloud? How
will we keep up with product updates? What are
the hardware needs (physical vs. virtual)?
» Features: Does the tool have built-in templates
for different scenarios? Are they customizable
to our needs? Does the tool provide other forms
Catch and Release: Raising Phishing Aack Awareness
LESSONS LEARNED
Catch and Release:
Raising Phishing Attack Awareness
by Prabhakar Chandrasekaran
