Spear-phishing is a related term used to describe phishing that targets specific organizations. These targeted attacks attempt to gain unauthorized access to specific critical information.
Phishing scams are real threats that result in various types of losses.
There are two generally accepted ways to address phishing.
After years of white-hat email social engineering engagements, we believe that filters are absolutely critical to have in place.
Somehow, year-after-year, filters and other controls never quite seem to be enough to keep people from directly or indirectly disclosing sensitive information.
Even with new exciting new advances in filtering, including Data Loss Prevention (DLP) critical information can still be disclosed.
There is no substitute for having an effective 'human firewall' where your people thwart unauthorized information access requests. In spite of the excellent training and educational materials available, it is typical to train employees and never test how well they resist the temptations of a compelling phishing message.
Many organizations embrace the idea of safely testing the human firewall. It is viewed as a logical and important extension to traditional technical security assessments.
Historically, these tests had to be done with highly-skilled (and expensive) consultants who performed one-time limited email social engineering tests.
PhishLine enables organizations to perform unlimited tests in an automated manner. The system's power to help visualize trends provides deep insights into the people, processes and technology that is most vulnerable.
With power comes responsibility. PhishLine is not a trivial tool to simply "trick" your employees. It is an enterprise ready, professional solution that can make a real difference in reducing your risk exposure when used in a manner that is appropriate for your organizational culture.
It is best used in the concert with mature, relevant and focused enterprise information security programs.
Absolutely! If you want a personal response, you may enter your contact information. If not, we will consider the question for posting in the FAQ.