Phishing is a growing problem online today.
It wasn’t long after Phil Richards joined Ivanti as Chief Information Security Officer (CISO) that we as fellow Ivanti employees started receiving email invitations to participate in periodic “Security Awareness Training” modules online. And it’s a good thing.
After having completed the “Security Essentials” and “Safer Web Browsing” courses—the first two of nearly 20 offerings, I think—I’ve come to realize such training is helpful—and essential.
The modules aren’t burdensome and typically take around 20 minutes to view the content and answer the quiz questions. Topics on the horizon include Password Training (received the email invitation for this just the other day), URL Training, Social Engineering, Security Beyond the Office, Safe Social Networks, and many more.
In addition to the training, the Ivanti Security Team has sent out periodic mock-phishing messages to all employees to help us understand our company’s exposure to this type of attack so that we can better identify, avoid, and report suspicious or malicious emails we encounter.
Mock-phishing campaign report card
In mid-February the Security Team published a “Phishing Campaign by the Numbers” report that included stats on the rates of clicks on the links to the fake or mock site, as well as the rates of compromise (where employees entered their credentials) on the fake site.
The bottom line is this: all Ivanti departments—especially the department I’m in, Marketing—need to do a better job at avoiding clicking on links and entering information.
“Don’t blame the victims; instead, give them the right tools”
My dark mood from our poor performance with the mock-phishing emails was lifted a little after reading the Forrester report “Ransomware Protection Best Practices: Harden Your Defenses Now for This Growing Threat.”
In the report, authors Chris Sherman and John Kindervag state:
“Don’t blame the victims; instead, give them the right tools. You should never blame your employees for interacting with a malicious email or link. Regular security training should absolutely be a requirement, but for complete email threat protection you must deliver a comprehensive set of capabilities. These include: 1) antispam; 2) categorization of graymail; 3) robust static and dynamic analysis tools; 4) URL rewriting; and 5) analytics to prevent phishing and email fraud.”
The authors also state:
“Ransomware is just malware with an intimidating twist. Your best bet is to optimize your current spending by ensuring that your vendors’ solutions provide protection against this threat.”
Without question, ransomware poses many challenges, and there’s no silver bullet to combat them. But you can radically improve your security with a multi-layered approach. Ivanti offers a range of security solutions, including Application Control, Endpoint Security, Patch for SCCM, and Patch for Servers, to help you meet your multi-layered malware and ransomware protection needs.
Ivanti recognized at RSA with two security awards
In February at the RSA conference and expo in San Francisco, Ivanti Application Control for Windows Servers, powered by AppSense, won the CDM 2017 InfoSec Award for “Most Innovative Data Center Security Solution.” The award positions Ivanti among Cyber Defense Magazine’s InfoSec Innovators of 2017.
Ivanti Endpoint Security, powered by HEAT Software, was also recognized as a Silver winner of the Info Security Products Guide Global Excellence Award in the Endpoint Security category (100 to 499 employees).
“As organizations face increasing cyber security threats, it’s critical to adopt powerful solutions that will provide comprehensive threat detection, prevention and remediation – from the endpoint to the data center,” said Duane Newman, Vice President of Product Management, Ivanti.
“Ivanti Application Control for Windows Servers provides a powerful extra layer of protection in the data center, reducing the attack surface and mitigating the risk of cyber attacks on critical server workloads. Equally, Ivanti Endpoint Security provides proactive and reliable protection for endpoints to prevent the risk of malware intrusion.”