As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users.
Phishing remains a profitable tactic for cybercriminal organizations. Gaining access to internal systems, compromising credentials, or convincing a user to wire money is well within the cybercriminals’ reach, and they accomplish these results and more on a daily basis.
Organizations like UNC Health Care in Chapel Hill, NC receive over 91 million suspicious emails every quarter, with a little more than 8 million still getting past security scanners. Even with 30,000 employees, that still represents an average of about 4 phishing emails a day per user.
To get ahead of real attacks, UNC Health Care – and many other similarly concerned organizations – regularly test users via internal phishing attacks. Sending out 3,000 attacks monthly, UNC Health Care’s cybersecurity team can identify those users that put the organization at risk.
Employees who are not mindful of email-based phishing attacks can be easily fooled by emails promising free gifts, package deliveries, problems with banking transactions, documents to sign… and the list goes on and on. These phishing emails highlight how vulnerable an organization’s security really is – and how much it needs to rely on the user to participate in ensuring security.
Organizations wishing to enhance their security posture – like that of UNC Health Care – should consider Security Awareness Training. Users are educated on the need to be vigilant and taught what to look for and how to respond. Users are tested with internal phishing campaigns, which allow security teams to assign additional training to reaffirm the need for users to be security conscious.