protect against phishing attacks · by providing user awareness training, we can help your...

www.khipu-networks.com

Solution Brief

Protect against Phishing attacks

____________

Simulated Phishing &

Associated Awareness Training Services

____________

Simulated Phishing & Associated Awareness Training

Solution Brief Prepared for HEAnet

UK: +44 (0)345 2720900 [email protected] @KhipuNetworks www.khipu-networks.com

What is the threat, what is the risk to your institution? Cyber threats - Phishing, malware, ransomware can go undetected for days, weeks and months. The impact can be considerable with data leakage/loss, network outages, financial loss and reputational damage. The cyber security landscape is constantly changing - phishing and ransomware are compromising organisations and people every day. These threats have to be dealt with in a number of ways by addressing all levels of the infrastructure - from the outside world, all the way to the users – what we call the “outside-in and inside-out” approach to cyber security as shown below.

Khipu’s outside-in and inside-out approach to cyber security Our approach to cyber security provides a complete solution to each of the threat layers within an organisation, removing the risks of being victim to an attack. Our “outside-in and inside-out” model ensures that any threats or incidents can be identified, isolated and reported on immediately, with a pro-active approach to future prevention.




Education’s vital in the defence against phishing & ransomware Even with extensive investments in your IT security infrastructure, the weakest and most vulnerable layer of defence in your organisation are your users. Many of the recent successful cyber-attacks which have crippled organisations, caused severe financial loss and damage to reputation - have been as a result of phishing.

Addressing the last layer of defence, the users, is a crucial element of Khipu’s cyber security offering where our Phishing-As-A-Service platform provides a complete awareness training solution for any organisation, small or large. Simulated Phishing & Associated Awareness Services By providing user awareness training, we can help your institution in the protection against cyber threats. The simulated phishing and associated awareness training service is designed to suit institutions of any size and its cost model is based upon the following bands:

• Small 0 to 1,000 users • Medium 1,001 to 10,000 users • Large 10,001 to 50,000 users

Each simulated phishing campaign includes the below services and are purchased in increments of 1, 4, 8, 12 and so on (flexible option also available). Simulated Phishing Services (campaigns): Customer-tailored phishing scenarios to identify the ‘risk factor’ and how vulnerable the institution is to phishing attacks:

• Infrastructure: Are email accounts and systems, as well as the perimeter security (e.g. spam and web filtering, firewalls etc) configured correctly or capable of protecting against a phishing attack?

• Users: How many open phishing emails, click on URL links and share information via phishing websites? How many download attachments from unknown senders?

• Processes: How do users / IT helpdesk departments etc react to phishing emails? • Devices: What operating systems, web browsers and plug-ins are being used – are

they authorised or vulnerable? Associated User Awareness and Training Services to raise awareness of cyber-attacks delivered via phishing emails, spam, social engineering attempts etc, to help prevent both the individual and institution from being successfully attacked.

• Awareness training customer portals: What is phishing, facts, statistics, how to identify, what to do, quizzes, training videos and interactive material.

• Classroom training – Cyber security awareness: That covers all key areas on cyber security and phishing including Cybersecurity 101, phishing: what is it, the facts and threats to your personal and work life, detection and avoidance, supported by cybersecurity awareness quizzes. The agenda has been designed for staff, both with and without extensive knowledge of IT. Note; this is a separate cost.




Risk Assessment and Phishing Prevention Report created after each activity, highlighting the risk, all findings including comparisons from previous simulated phishing and training exercises (to measure the success), with recommendations for training, infrastructure configurations and solutions for on-going protection and prevention. All training services are carried out and led by only experienced and trained cyber security specialists. Complimentary simulated phishing attack services "pay as you go" To complement the services, the following "pay as you go" security options are available. These are purchased as ‘add-ons’ to the simulated phishing campaigns.

• Additional Phishing campaigns • Phishing SMS (known as smishing) up to 50 phone numbers per campaign • USB stick malware attack simulation • Simulated ransomware attacks • Classroom training – Cyber security awareness; available offsite and onsite • Customised 3-minute awareness training video • Cyber security best practise workshops (post campaigns)

The service is already being used by many Universities and Colleges as well as other public sector organisations, enabling them to identify their risk to phishing attacks and provide the necessary training and user awareness to help prevent being successfully ‘phished’. A Public Sector Framework – HEAnet clients The public-sector framework, that Jisc tendered for, is available to all of HEAnet’s clients and allows them to purchase the service directly from KHIPU. Hence removing the need to undertake a procurement / tender exercise, which saves both time and cost, as well as provides value for money.




Why KHIPU’s Simulated Phishing & Awareness Training Service Khipu Networks “Phishing As A Service” is a unique offering for organisations that wish to protect their environments from the ever-changing cyber threat landscape. Our awareness training includes the following unique value-add services: Procure without a tender process: Following an OJEU competitive tender process, Jisc selected KHIPU to provide the service to the public sector. KHIPU’s offering was the most economically advantageous solution that was supported by customer references and ISO processes. Cost Effective and Easy to Scale: A single cost regardless of how many users are “phished” instead of a “per-user” price model which can be expensive and difficult to scale. Trainer lead: The awareness training service is carried out by only experienced and trained Cyber Security experts. The service is not an “email-only” software solution. Unique offerings including:

• Unlimited email addresses / users • Customised awareness training video • Trainer-led by experienced Cyber Security specialists • Security “pay as you go” services including endpoint vulnerability assessments and

simulated ransomware attacks. • Simulated USB and ‘smishing’ (SMS phishing) attacks • Flexible and tailorable services to meet specific customer requirements

Classroom Cyber Security Training Services: Courses, interactive sessions and tests available for improved staff awareness, security policy compliance and employee inductions. Courses are held either on onsite at the customer premises, offsite at Khipu’s training centre or virtually (online). Khipu – a Complete Networking and Cyber Security Company: We can advise on an organisations entire networking and cyber security strategy as our services and products address all areas relating to cyber threats and attacks.

Educate your users - They are your biggest risk and greatest asset -

Please contact the KHIPU to find out how our services can protect your institution against the ever-changing cyber threats including an example ‘phishing vulnerability risk assessment service’ and our 15-minute introduction webinars:

• [email protected] • +44 (0)345 2720900 • @KhipuNetworks • www.khipu-networks.com/contact-us/

protect against phishing attacks · by providing user awareness training, we can help your...

Documents