Phishing targets companies of all sizes. And, as long as hackers have something to gain, there is no industry they won’t target. However, certain industries and verticals are far more attractive to cyber attackers, and far more likely to be victimized, because of the potential value of the data and other digital assets they protect.
All personally identifiable information has some value to someone on the Dark Web, whether it will be used for identity theft purposes, for an advanced targeted attack or for something else. That makes any organization with personally identifiable information as highly prized a target as any financial organization. And with the rise in ransomware, data in any organization can be held hostage for a payoff.
Energy and Utilities
As part of a nation’s critical infrastructure, the energy and utility sectors face challenges from cyber-attacks carried out by well-funded adversaries and nation states, and increasing regulatory pressures to operate assets in a reliable, safe and secure capacity. With over 40 percent of cyber-attacks targeted at the energy sector, spear phishing is a proven risk to energy companies. PhishMe’s immersive training methods, coupled with our industry knowledge and customer experience, help energy and utility organizations develop an effective security program to mitigate and detect phishing attacks.
As the industry most commonly targeted by cyber threat actors, firms in the financial services sector face a complex mix of threats from a diverse group of economically motivated adversaries. PhishMe works with leading financial sector firms in the United States and EMEA to reduce employee susceptibility to spear phishing attacks and encourage user reporting of suspicious email. By developing specific exercises tailored to the industry, PhishMe helps customers train their staff to recognize the most relevant attack tactics. As an added benefit, PhishMe can demonstrate annual staff training requirements for a variety of regulatory requirements.
Government and Defense Industrial Base
With 95 percent of state-affiliated espionage attacks gaining a foothold in victim networks through phishing, training employees to defend against phishing is an important security measure for government organizations and contractors. The public nature of many government employees makes the challenge even more difficult, as attackers can readily access information to craft spear phishing emails through public online resources. PhishMe features such as Highly Visible Target Identifier and Highly Personalized scenario builder allow organizations to identify employees with visible online presences, and simulate attacks featuring relevant personal information similar to the recipient.
2016 has seen ransomware targeting healthcare organizations – holding critical data hostage. With healthcare data proving to be extremely lucrative on the black market, healthcare providers and insurance companies have become a high-value target for attackers. The industry faces challenges ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA), as well as training a diversified workforce that operates in a high-stress environment. PhishMe’s immersive training method allows healthcare providers to train their frontline workforce in a repeatable, minimally invasive manner that produces measurable results. Additionally, our training modules allow organizations to address HIPAA requirements surrounding the handling of electronic protected health information (ePHI).
Firms in the legal industry often possess sensitive business information and intellectual property from high-profile corporate clients, making them rich targets for corporate espionage and other cyber-attacks. As attacks against law firms have increased, so too has the scrutiny given to their security practices by both corporations and law enforcement. PhishMe trains staff to recognize the email tactics used by advanced threat actors to compromise systems, and offers comprehensive reporting and analytics that demonstrate reduced user susceptibility and improved threat detection rates.
Accessing intellectual property is a primary objective for advanced threat actors – making manufacturers and their partners a prime target for spear phishing attacks. PhishMe simulates the spear phishing tactics used to compromise systems, allowing our manufacturing customers to train their users to recognize highly personalized attacks, conversational phishing, and attachment-based phishing with numerous file formats. With content translated into a number of languages, PhishMe accommodates organizations with operations in multiple countries and languages.
Recent attacks against prominent media outlets have shown this industry’s vulnerability to phishing attacks. Building staff awareness can be a challenge for media organizations that have cultures rooted in the open sharing of information, and PhishMe has helped numerous media organizations integrate safe email use into their cultures by providing immersive training that mimics the attack techniques used by groups such as the Syrian Electronic Army.
Business operations in multiple countries and languages present unique challenges to effective security education and training efforts. PhishMe enhances the learning rate for multicultural organizations by allowing customers to conduct exercises in localized time zones and in a recipient’s native language as well as in the official company business languages. PhishMe has run exercises across the globe, providing unmatched expertise in navigating cultural and privacy concerns. PhishMe has operationalized a data center in the EU to help organizations comply with EU data privacy regulations and avoid data export challenges.
Not surprisingly, financially motivated attackers have heavily targeted retailers to extract credit card and other financial information. Spear phishing has proven to be an effective method for hackers to gain a foothold in PoS systems, leading to a number of high-profile retail breaches that have drawn national attention. PhishMe’s comprehensive reporting features offer demonstrable proof of changing user security behavior by reducing susceptibility to phishing attacks and can help satisfy PCI requirements.
Our customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.