In the modern age, attacks against organizational emails are more prevalent and sophisticated than ever. A simple firewall is no longer enough to protect an organization and its information from external threats.
Using different applications for protection against viruses, Trojans etc., is not enough. Research shows the weakest links in protecting against phishing attacks are an organization’s employees, which is why Intensity offers a cloud-based solution whose goal is to train the organization’s employees to deal with focused email attacks.
Anti-virus software is not enough to protect from all types of attacks. Therefore, the importance of training the employees and increasing their awareness and ability to identify and respond to cyber-attacks is critical.
How does it work?
It works through education and by providing practical tools for dealing with cyber-attacks.
Our service collects public information on the organization’s employees, just as potential attackers would. A smart engine then creates a simulated attack program.
The system adjusts the content of the mails to the simulation type and the employee’s level. Throughout the year the system will train the employee over and over again until they have reached the required level. It will present threats from the real world and provide short instructions in addition to periodic reports.
Types of Attacks Simulated:
Drive-by attacks – an email is sent with a link. The employee is encouraged to click the link which will lead to an instructional video.
Attachment attack – an email is sent with an attachment. This type of attachment tests to see which of the users is tempted to open the attachment and endanger the organization with a Trojan. Opening the file will lead the user to a relevant tutorial.Call for Action – A mail is sent that includes a link to a fake page prepared in advance. The purpose of this is to see which user provides personal information such as username or password, or is tempted to download a file and install it.
Benchmark – an email is sent with a link inside the body of the text, encouraging the user to click on the link. This type of test is sent at the beginning and end of the employee’s training, to test the organization’s level of awareness.
As a result of these activities, employees will know how to identify and protect from cyber-attacks directed their way.