Employee Phishing Training through Simulation
Running simulations for employee phishing training helps organizations find where their risk is and train employees to handle phishing attacks.
Category: Configuration Management Database (CMDB), Email Security
Cyware Products Used:
Cyware Fusion and Threat Response (CFTR)
Orchestrate (CO)
Third-Party Integrations Used:
Active Directory: To retrieve user information and supervisor information.
Problem Statement
Phishing emails remain the most common challenge for a modern Security Operations Center (SOC). SOCs process a large number of phishing alerts in a day, and even a single critical phishing alert puts organizations at significant risk. It is important to continuously train and test your employees to handle phishing attacks as part of the cybersecurity awareness program.
Solution
Phishing simulations can help you find where the risk is, learn how to handle phishing emails in your organization, and promote safe email practices. Additionally, the SANS phishing campaign playbook allows security teams to track employees at risk of a phishing attack and focus on training them to handle phishing emails.
How do we solve this problem?
The solution retrieves details of users who fall victim to the SANS phishing campaign using a webhook configured on the SANS phishing campaign target page.
Retrieve Phishing Campaign Activity: The playbook starts by retrieving details such as the user's name, access date, user email address, and phishing campaign name from the SANS phishing campaign target page.
Retrieve User from Active Directory: Using the user email address identified in the SANS phishing campaign, the playbook retrieves all other details of the user from the Active Directory application. The details include the supervisor’s name, the devices used by the user, and whether the user is an external or internal employee.
Update CFTR User Details: The playbook updates the details of the user in the CFTR assets module. It adds the note "First Time Victim of Phishing Campaign" to the user details. If the user details are not available in the CFTR application, a new entry is created in the CFTR assets module.
External or Internal Employee: The playbook identifies if the victim user is an external or internal employee. For both conditions, the following actions are performed.
Send Email To Victim User: A notification email is sent to the user about the phishing campaign. This email is sent every time the user falls victim to the SANS phishing campaign. The email also contains learning material to create awareness about phishing practices.
Send Email to Supervisor: A notification email is sent to the user’s supervisor about the phishing campaign. This email is sent every time the user falls victim to the SANS phishing campaign.
Optional Configuration
You can also configure the playbook to notify the IT department or Human Resources team if the user falls victim to the SANS phishing campaign more than three times.
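The following added example (not Cyware or SANS code) models the decision logic of the playbook steps and the optional escalation described above. The event field names, the in-memory AssetStore and directory, the supervisor_email attribute, and adding the note only on the first occurrence are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

ESCALATION_THRESHOLD = 3  # page: escalate when a user falls victim more than three times
REQUIRED = ("user_name", "access_date", "user_email", "campaign_name")

@dataclass
class AssetStore:
    """In-memory stand-in for the CFTR assets module (hypothetical model)."""
    users: dict = field(default_factory=dict)

    def record_victim(self, email, directory_entry):
        created = email not in self.users          # no entry yet -> create one
        entry = self.users.setdefault(email, {"notes": [], "count": 0})
        entry.update(directory_entry)              # supervisor, devices, employee type
        entry["count"] += 1
        if entry["count"] == 1:                    # assumption: note added once only
            entry["notes"].append("First Time Victim of Phishing Campaign")
        return entry, created

def handle_event(event, directory, assets):
    """Return the actions the playbook would take for one webhook event."""
    missing = [k for k in REQUIRED if not event.get(k)]
    if missing:
        return [("reject", "missing fields: " + ", ".join(missing))]
    email = event["user_email"].strip().lower()
    person = directory.get(email)
    if person is None:                             # never notify on an unverified address
        return [("reject", email + " not found in directory")]
    entry, created = assets.record_victim(email, person)
    actions = [("asset_created" if created else "asset_updated", email),
               ("email_user", email),              # sent on every occurrence
               ("email_supervisor", person["supervisor_email"])]
    if entry["count"] > ESCALATION_THRESHOLD:      # optional configuration
        actions.append(("notify_it_hr", email))
    return actions

# Constructed sample data (not real users or a real campaign).
DIRECTORY = {"j.doe@example.com": {"supervisor": "A. Smith",
                                   "supervisor_email": "a.smith@example.com",
                                   "devices": ["LAPTOP-0001"], "employee_type": "internal"}}
EVENT = {"user_name": "J. Doe", "access_date": "2024-01-15",
         "user_email": "J.Doe@example.com", "campaign_name": "Q1 awareness"}

if __name__ == "__main__":
    store = AssetStore()
    for attempt in range(1, 5):
        print(attempt, handle_event(EVENT, DIRECTORY, store))
```

Rejecting events whose address does not resolve in the directory keeps a spoofed or malformed webhook call from triggering notification emails.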
Benefits
Reduce Human Risk
An automated phishing campaign management process helps organizations improve employee awareness and change how employees handle phishing attacks.
Defend Against Targeted Attacks
Security teams can set up phishing campaigns for highly critical and targeted phishing attacks to train employees and create a top-notch defense against any kind of phishing attack.
Build Awareness based on Metrics
The SANS phishing campaign allows organizations to find out whether financial data is compromised by phishing attacks or whether employees offer personally identifiable information to attackers, and to offer relevant training programs.