Phishing

People are widely considered the weakest link in cyber security. Organisations are constantly targeted by attackers who try to trick and deceive people into revealing sensitive information such as passwords, or into installing malware such as ransomware.

Recent statistics show that phishing threats continue to rise. Since 2019, the number of phishing attacks has grown by 150% per year, with the Anti-Phishing Working Group (APWG) reporting an all-time high for phishing in 2022, logging more than 4.7 million phishing sites. According to Proofpoint, 84% of organisations experienced at least one successful phishing attack in 2022.

Our phishing exercise will test your organisation’s ability to recognise and respond to a phishing attack. We will design a phishing programme that attempts to trick your people (including senior management and their executive assistants) into downloading a harmless simulated payload standing in for malware such as ransomware, revealing confidential and sensitive information (such as usernames, passwords, or credit/debit card details), or making a financial transaction to the wrong recipient. No real malware is used and any credentials submitted are captured only as an indicator that the lure succeeded.

Mandatory Training

We will establish and deliver mandatory information security and privacy training that takes account of
the evolving threats and risks to your organisation, including:

  • The context of your threat landscape and risks;
  • An overview of your Information Security Policies and Standards;
  • An overview of internal and external threats;
  • Identification and reporting of incidents;
  • A test of knowledge with a minimum pass score of 80%; and
  • Completion tracked and compliance metrics reported through information security governance.

Role-Specific Training

Our role-specific training (including for the Board of Directors) aims to provide the level of IT, information security and privacy skills and knowledge that each person’s role requires, so that they can fulfil their obligations effectively and securely.

Metrics and Reporting

Our Training, Education and Awareness programme is tracked and its compliance metrics
reported through the relevant governance forums. The metrics must include the following as a minimum:
🗸 % of people who have successfully completed mandatory information security and privacy
training;
🗸 % of phishing emails responded to (attachment opened, link clicked, credentials entered);
🗸 % of phishing emails reported;
🗸 Number of suspicious emails reported (whether malicious or not);
🗸 Number of incidents (including security incidents) reported;
🗸 % of Information Security and IT staff whose information security knowledge and skills have been assessed as satisfying the requirements of their role.
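The phishing and training metrics above are easy to get subtly wrong: a user who clicks twice must count once, a user who reports after clicking belongs in both the "responded" and "reported" figures, and the denominator should be the people who received the lure rather than the number of events. The following is an added example (not code from this page or from any simulation platform) that computes the metrics from a constructed campaign log and a constructed set of quiz attempts; the event names, user names and scores are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample data for the example (not from the page).
# Actions a simulation platform records vary; these names are assumptions.
RESPONSE_ACTIONS = {"attachment_opened", "link_clicked", "credentials_submitted"}

RECIPIENTS = ["alice", "bob", "carol", "dave", "erin", "frank"]

EVENTS = [
    ("alice", "link_clicked"),
    ("alice", "link_clicked"),          # duplicate click: the user is counted once
    ("alice", "reported"),              # reported after clicking: counts in both metrics
    ("bob", "reported"),
    ("carol", "attachment_opened"),
    ("carol", "credentials_submitted"),
    ("dave", "reported"),
    ("erin", "reported"),
    ("mallory", "link_clicked"),        # not on the target list: ignored
    # frank ignored the email entirely: no events
]

# Constructed quiz attempts (user, score) for the mandatory training.
ATTEMPTS = [
    ("alice", 70), ("alice", 85),       # best attempt passes
    ("bob", 80),                        # exactly the pass mark passes
    ("carol", 95),
    ("dave", 75),
    ("erin", 60), ("erin", 78),         # never reached the pass mark
    # frank has not attempted the test
]


def campaign_metrics(recipients, events):
    """Per-recipient metrics for one simulated phishing campaign.

    Rates are computed over distinct recipients, not over events, so a user
    who clicks twice counts once and the denominator is the number of people
    who received the lure. Events from users outside the target list are
    dropped so that forwarded lures do not distort the figures.
    """
    targets = set(recipients)
    responded, reported = set(), set()
    for user, action in events:
        if user not in targets:
            continue
        if action in RESPONSE_ACTIONS:
            responded.add(user)
        elif action == "reported":
            reported.add(user)
    n = len(targets)
    if n == 0:
        raise ValueError("campaign has no recipients")
    pct = lambda users: round(100 * len(users) / n, 1)
    return {
        "recipients": n,
        "responded_pct": pct(responded),
        "reported_pct": pct(reported),
        # Users who reported without ever clicking or submitting: the
        # behaviour the awareness programme is trying to produce.
        "reported_without_responding_pct": pct(reported - responded),
        "responded": sorted(responded),
        "reported": sorted(reported),
    }


def training_completion(attempts, staff, pass_mark=80):
    """% of staff whose best quiz attempt meets the pass mark (80% by default).

    Staff with no attempt at all count as not completed, which is why the
    denominator is the staff list rather than the set of people who sat the test.
    """
    best = defaultdict(int)
    for user, score in attempts:
        best[user] = max(best[user], score)
    staff = set(staff)
    if not staff:
        raise ValueError("no staff in scope")
    passed = {u for u in staff if best[u] >= pass_mark}
    return round(100 * len(passed) / len(staff), 1)


if __name__ == "__main__":
    for key, value in campaign_metrics(RECIPIENTS, EVENTS).items():
        print(f"{key}: {value}")
    print(f"training_completion_pct: {training_completion(ATTEMPTS, RECIPIENTS)}")
```

With the constructed data, 33.3% of recipients responded (alice and carol), 66.7% reported the email, 50.0% reported without ever responding, and training completion stands at 50.0% because dave, erin and frank have not yet passed. Reporting the "reported without responding" figure alongside the raw report rate is worthwhile: a rising report rate that is driven by people reporting after they clicked tells a different story from one driven by people who spotted the lure first.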