Phishing

What Is It?

Phishing is a form of social engineering attack conducted using electronic communication systems, such as email or text message, where a threat actor attempts to either extract sensitive information or encourage the victim to carry out an action that would benefit the threat actor.

Why Assess It?

There are many reasons to conduct a phishing security assessment, five of which are below.

Gain Risk Insight

It is possible to validate that a patch has been applied to a server, but when it comes to humans it is not possible to validate whether behaviour will place your organisation at risk or whether the phishing will be handled securely. It is valuable to conduct a real-life exercise to see if the training your organisation has delivered is working.

Validate Control Processes

Testing security awareness across your teams in a safe and controlled fashion allows you to find flaws in systems and processes. You can then improve them without the urgency and pressure of having to respond to an actual attack.

Refine Security Training

Training needs to progress as both your organisation and threat actors' tactics change. Conducting a real-life phishing exercise provides you with the knowledge and real-world impacts to both guide and deliver this essential training.

Exercise Response Capability

How an organisation handles a phishing attack is often different to what the organisation's policies say. This is because humans are inherently helpful. Conducting a real-life exercise allows you to see first-hand how the incidents are handled by the teams inside your organisation.

Understand Target Exposure

Every attack needs to start somewhere: threat actors need to know who to contact in your teams and how. They find this out by researching your organisation. Conducting a phishing security assessment allows you to see what information is out there and how it can be abused to refine attacks against your organisation and its people.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your phishing security assessment and we do this by:

Real World Attack

We do not use simplistic templates. We tailor our phishing attempts to your organisation specifically. An employee will react very differently to a genuine, well-researched and well-executed attack than to an attack using widely used examples, so for accurate risk insight we tailor everything about our approach.

Controlled Environment

The phishing exercise is not done to you; it is done with you. An engagement plan is discussed and agreed upon prior to any interactions taking place. This plan has input from our own intelligence gathering activities, supplemented by our threat actor knowledge and by direction from you, as you know your organisation best and may have specific areas or systems you wish to focus on.

Multiple Objectives

We understand how threat actors work: they do not limit themselves to one objective per interaction and do not try the same approach with every contact attempt. Our objectives are set at the outset with you and are used to guide our approach, ensuring we can vary techniques both within the communication channel and between contact points to give you a realistic threat simulation.

Extensive Open Source Intelligence

Threat actors will spend the time researching your organisation as it increases their success rate, and so do we. We enumerate as much relevant information as we can and ensure the level of information and its uses are documented for your organisation, both to help you understand your current risk and to assist with guarding against future genuine threats.

Empathy

Launching attacks against other humans is not the same as attacking a computer network. People have feelings and we are always cognisant of this, treating everyone with respect whilst moving towards the objectives of the engagement. We also encourage organisations to support us with discussions with employees, so they understand it is not personal and is about everyone improving.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. For example, rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisation's position and risk posture. This enables us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial. We do not sell you products or the latest buzzword-laden trending solution.

Outstanding Service

We have an industry-leading turnaround; agility is in our name, after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.
