Category Archives: Cyber Incident Response

An 80’s party, PhishMe Simulator™ Certification and savings of $100. They’re three great reasons to attend PhishMe® Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor. Join PhishMe and other security professionals who have the strategies to keep your business safer through fortified phishing defense. Time-warp back to the Reagan Years. Our welcome reception is an 80’s party starring The Reagan Years, the era’s ultimate tribute band. Kick off the conference with Madonna, Bon Jovi and all your 80’s faves as you relax, network and check out people adorned…

The post Rock the 80’s and More at PhishMe Submerge 2017! appeared first on PhishMe.

Rock the 80’s and More at PhishMe Submerge 2017! was first posted on October 11, 2017 at 10:51 am.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading Rock the 80’s and More at PhishMe Submerge 2017!→

Part 6 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 5 we looked at the importance of reporting and associated best practices for implementation and measuring success at both the simulation and program trending level. Now let’s shift the focus from the development of our user base as reporters to a more traditional security skill set of detection, analysis and mitigation of threats. The goal at this stage is to maximize our human informants and shorten the meantime-to-detect and meantime-to-respond to threats in your environment. Enablers of success at this step: Improved awareness…

The post The Phishing Kill Chain – Triage and Mitigation appeared first on PhishMe.

The Phishing Kill Chain – Triage and Mitigation was first posted on October 9, 2017 at 10:25 am.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading The Phishing Kill Chain – Triage and Mitigation→

Part 1 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.  While modern technology and pervasive media can make all things appear new, they really aren’t. As we continue the battle against advanced persistent threats, malware and fraud, it’s important to remember that confidence men and women have been at this game for a long time. And all along, their real target has been user trust. To take full advantage of the attention we get during Cyber Security Awareness Month, we need to talk to users about…

The post Don’t be so emotional. (It hurts security awareness.) appeared first on PhishMe.

Don’t be so emotional. (It hurts security awareness.) was first posted on October 5, 2017 at 9:00 am.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading Don’t be so emotional. (It hurts security awareness.)→

Part 5 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 4 we looked at Simulation Delivery, and stress the importance of utilizing methods that model malicious actors and advanced persistent threats. We will now take a closer look at developing reporters in your company environment. This point in The Phishing Kill Chain is where we break from the standard model. It is where we switch from defensive mode to proactive threat management. All our earlier steps are designed to reach this point so it is important that we consider some best practices and…

The post The Phishing Kill Chain – Reporting appeared first on PhishMe.

The Phishing Kill Chain – Reporting was first posted on October 2, 2017 at 12:21 pm.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading The Phishing Kill Chain – Reporting→

Anti-phishing, like all security, is a team sport. (Apologies for that metaphor, but football season is here.) So join PhishMe® and other security professionals at PhishMe Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor. PhishMe customers can connect with other PhishMe experts and front-line peers who have the strategies and experience to keep your business safer through fortified phishing defense programs. Learn the latest on phishing resilience. There are 30+ sessions, 14 in our Phishing Resilience track alone. Our speakers will break down the latest threats plus…

The post Team Up Against Phishing at PhishMe Submerge 2017 appeared first on PhishMe.

Team Up Against Phishing at PhishMe Submerge 2017 was first posted on September 27, 2017 at 1:05 pm.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading Team Up Against Phishing at PhishMe Submerge 2017→

Part 4 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 3 we looked at Simulation Design, where we discussed utilization of simulation results analysis and active threat intelligence in anti-phishing programs. We will now take a closer look at simulation delivery practices. Once again, we want to model the real world as much as possible in our approach to simulations. Generally, malicious actors and advanced persistent threats use two approaches in their phishing campaigns. Traditional Phishing – utilizing mass emailing for both reconnaissance and exploitation Spear Phishing – targeted emails based on reconnaissance…

The post The Phishing Kill Chain – Simulation Delivery appeared first on PhishMe.

The Phishing Kill Chain – Simulation Delivery was first posted on September 25, 2017 at 9:47 am.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading The Phishing Kill Chain – Simulation Delivery→

Attention incident responders: PhishMe® Submerge is for you. Submerge 2017, our second annual User Conference and Phishing Defense Summit, offers over a dozen sessions on phishing defense alone. Overall the event will offer 30+ sessions, including another track covering phishing resilience. So if you’re a PhishMe customer, join us Nov. 29 – Dec. 1, at the Gaylord Hotel, Washington National Harbor. Learn from the experts. Strengthen your phishing defense. Brendan Griffin, PhishMe Threat Intelligence Manager, will take you through “Malware Analysis 101.” Learn the basics of identifying and categorizing malware content, plus using open-source intelligence to perform effective triage. Chris…

The post Tune Your Phishing Defense at Submerge 2017 appeared first on PhishMe.

Tune Your Phishing Defense at Submerge 2017 was first posted on September 21, 2017 at 1:03 pm.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading Tune Your Phishing Defense at Submerge 2017→

The US and UK share a lot of things. History. Political traditions. A language, if one is feeling generous. And now some worrisome phishing data that jumps out of two reports PhishMe® has commissioned, most recently in the UK. Both our UK and US reports look at phishing response trends. Here’s the story: companies on each side of the pond cite phishing as their #1 security worry—but nearly half say they aren’t ready to handle an attack. Somewhere, Winston Churchill and FDR are rolling over. Compare the two reports and you’ll glean the following insights: About ½ of companies can’t…

The post 5 Reasons Our UK Phishing Report Would Make Winston Churchill Scowl appeared first on PhishMe.

5 Reasons Our UK Phishing Report Would Make Winston Churchill Scowl was first posted on September 20, 2017 at 9:59 am.
©2017 “PhishMe Staging“. Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com
Continue reading 5 Reasons Our UK Phishing Report Would Make Winston Churchill Scowl→