14 Aug Mimecast redefines phish testing and training with safe phish
Mimecast have announced an industry changing capability that will allow customers to launch live phishing simulations. Known as SAFE Phish, it’s designed to let security teams create training exercises using real-life, de-weaponized campaigns that target their organizations and employees. Training results are engineered to be incorporated into the Mimecast SAFE ScoreTM dashboard, which is designed to aggregate data to gauge a company’s security posture. Organizations have an opportunity to re-define the way overall risk is measured as a result.
“Replicating genuine phishing attacks for training purposes has historically been challenging,” said Michael Madon, SVP and GM of Mimecast Security Awareness Products. “With SAFE Phish technology, end-users can safely be exposed to real-life, de-weaponized phishing attacks to make training more effective and provide a data-driven picture of which employees are most at risk. Our research has shown that end-users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. We’re very excited about how SAFE Phish simulations can further help increase the impact of our security awareness solution.”
Because SAFE Phish results act as a security feed, data from phish testing can be incorporated into the Mimecast SAFE ScoreTM dashboard, which is designed to calculate individual user risk using four factors – engagement, knowledge, sentiment, and bad URL clicks. Data is also aggregated to provide an overall organizational risk assessment.
“SAFE Phish and the SAFE ScoreTM dashboard are designed to work together to transform the way risk is measured,” said Mandy McKenzie, director of product management for Mimecast Awareness Training. “Security teams can get a more complete view of risk at both the individual and organizational level and also benchmark their performance against peers in their industries or geographical regions. Using that information, they can take a more proactive approach to addressing potential issues, from applying new security controls or assigning additional training to their riskiest users.”
According to recent research from Mimecast, almost 60 percent of 1,025 IT decision makers said they saw an increase in both phishing (58%) and impersonation attacks (60%) over the last year. The uptick of COVID-19-related phishing campaigns also highlights the fact that threat actors are looking for new opportunities to target victims with relevant topics.