Organizations with less than 1,000 employees is the target of Barracuda Networks Inc.’s latest update to its anti-phishing training, and the security and storage solutions firm is leaning on its channel partners to distribute it.
The cloud security solution provider announced a new edition of Barracuda PhishLine, five months after acquiring PhishLine, LLC, a leading SaaS platform for social engineering simulation and training. Barracuda wants to extend its PhishLine training capabilities, which are designed to help employees spot highly targeted phishing attacks.
“As phishing attacks have become increasingly stealthy and targeted, our adversaries have shifted their focus from the largest organizations to smaller targets,” said Hatem Naguib, senior vice-president and general manager of security at Barracuda.
The announcement is also accompanied by a new study from Dimension Data. Commissioned by Barracuda, the study includes responses from more than 630 participants, all of whom had a responsibility for email security in their organizations. Nearly everyone – 84 per cent – agrees that poor employee behaviour is a greater email security concern than inadequate tools, but only 77 per cent of these respondents said they are offering employees any training. Study results also show that 63 per cent of organizations believe phishing simulations to be the most popular form of training, followed by end user training, at 41 per cent. Additionally, it doesn’t matter what level of employee receives the training – everyone, even executives, pose a risk.
“However, the payoff could be larger if an executive falls for a social engineering attack due to the access they have to sensitive information. This is further proof that criminals are operating like a business—they are making good risk/reward decisions just like someone would when organizing a corporate strategy,” says the report. “However, the easier target may in fact be the frontline staff who aren’t always aware of the risks and impacts related to bad behavior.”