The SANS Institute has updated its Phishing Training solution, offering organizations new tools that help them determine how susceptible their workforces are to phishing attacks.
SANS Phishing Training now features email templates that are updated on a regular basis, ensuring that security awareness professionals can keep up with the latest tactics used by scammers. It also includes a practice mode for phishing simulations and dashboards that help measure the effectiveness of phishing awareness programs.
For a more granular approach, the product allows users to target campaigns at specific user groups using varying degrees of complexity. SANS Phishing Training also integrates with Advanced Cybersecurity Learning Platform (ACLP) security training product from SANS.
"The new SANS Phishing Training is a turnkey solution for today's time-starved security awareness professional," said Lance Spitzner, director of the SANS Security Awareness program, in a statement. "SANS phishing training makes it easier to measure and manage a program and ultimately change behavior."
Phishing is a growing concern for businesses, and they are right to worry.
A recent survey from Wombat Security Technologies revealed that 30 percent of workers in the U.S. and the U.K. don't know what phishing is. Ten percent couldn't even hazard a guess.
Given that most folks aren't well-versed in today's cyber-threats, businesses may need to take it upon themselves to educate their workers about the dangers that phishing can pose to their organization's sensitive and valuable information.
"We often find that those of us who work in cyber security overestimate the knowledge the general public has on cyber security risks and basic secure behaviors. Wombat vice president of marketing Amy Baker said in a statement. "This could be giving security professionals false confidence and may be the reason why just fewer than half of organizations have a security awareness training program for their employees," said Amy Baker, Wombat's vice president of marketing.
Once used to scam victims out of account information or other personal details, many phishing emails now carry an insidious payload.
In the third quarter of 2016, more than 97 percent of phishing emails delivered some form of ransomware, according to a PhishMe study. "The rapid awareness and attention on ransomware has forced threat actors to pivot and iterate their tactics on both payload and delivery tactics," said PhishMe CEO and co-founder Rohyt Belani, in a statement.