- Managed Services
- Security Engineering
- About Us
- News & Blog
One of the most common causes of information security incidents are social engineering attacks, where a malicious actor directly targets the human element of cyber security. These attacks can result in ransomware or other malware being deployed, business email compromise, all the way through to data breaches.
Simulated phishing services complement internally or externally held cyber security awareness trainings by providing real-world practical scenarios to cement learning and foster a security-first culture. Phishing as a service provides clients with up-to-date techniques utilised by real attackers, as well as visibility into performance and result metrics.
Our Phishing as a Service utilises real world phishing tactics to test your organisation and staff against business email compromises.
Using practical testing exercises help to increase the resiliency and awareness of your staff, resulting in better protection of your organisation as they learn to recognise phishing emails over time.
This service provides reporting per campaign, with multiple options of date, time, and email templates available.
This awareness component, delivered by information security experts, helps to train staff to recognise phishing attempts, follow best practice when it comes to information security, and educates them as to the importance of good security practises. Understanding what can happen from clicking on a malicious email, from ransomware to business email compromise is an important part of motivating staff to keep security front of mind.
Real-world adversaries heavily exploit staff through social engineering attacks or by masquerading as legitimate organisations in a phishing attack, most often via email though increasingly through SMS. Staff who interact with these malicious emails may unknowingly expose the organisation to a business email compromise (BEC), giving adversaries sensitive information, or access to internal networks through delivery of malware.
Staff are a key first line of defence against social engineering attacks such as phishing; the ability to spot a phishing attempt and take appropriate action to report the email is critical to preventing business email compromise or to reduce the impact of ransomware or other malware.
As attackers continue to improve their delivery methods and the complexity of attacks, phishing attempts can become difficult to spot, which is why having an information security specialist conduct the simulations with the latest up-to-date techniques can be necessary.
For organisations that have specific information security compliance requirements, Security Centric’s online training provides a convenient and cost-effective way to achieve the necessary general user training. Training is available for ISO27001, ISM, PCI-DSS and other security standards and can optionally be hosted in a face-to-face format by Security Centric's subject matter experts.
While organisations understand the importance of security awareness training, taking staff away from their main job for a course can be challenging. Security Centric offers online security awareness training that covers all core aspects of information security delivered as a series of learning modules, each approximately 2 minutes in length. This gives organisations the option to have staff complete the course at their own pace, or in their own time as appropriate.
For more information on the online cybersecurity awareness program, please contact us.