John McCabe, Cofense
It’s a common issue. Managed service providers tasked with improving customers’ phishing defense aren’t sure how many targeted users are receiving simulations.
If a user isn’t on email when a phishing simulation hits—let’s say they are in a meeting, or fast asleep in a different time zone—the message may get buried in in the daily email avalanche. There’s also a chance the email doesn’t get past perimeter security.
But now you have the chance to change the game.
Introducing a new capability called Responsive Delivery, recently added to the Enterprise Edition of Cofense PhishMeTM. It allows MSSPs to deliver a simulation only when targeted users are actively using email. It also delivers the simulation directly to their inbox, eliminating potential problems at the perimeter such as whitelisting and technical issues arising from gateway configurations.
Here are 3 issues this new capability will address. To MSSPs that manage an anti-phishing program, these will sound familiar.
“Whitelisting really complicates delivery and reporting.”
Sometimes the email gateway is a blessing and a curse. Though it doesn’t catch every real phishing email, it’s configured to stop the majority—and in doing so occasionally also catches simulations.
That’s a two-fold problem. Too often users miss out on the chance to test their ability to catch a phish, which hurts the organization’s overall resiliency to phishing attacks and prevents a service provider from demonstrating the real value of outsourcing the service.
Also, the anti-phishing program’s metrics get thrown off. Say a simulation is sent to 500 users. If 250 report the email and 250 fall susceptible, that’s a 1:1 ratio, which is pretty decent. But what if, thanks to whitelisting, 75 employees never got the email? Mathematically, the reporting is fine, but users’ true readiness will remain unclear.
“We work with many time zones, so scheduling is tough.”
We hear this one a lot. Eastern Time, Pacific Time, Perth, and Sydney times—when simulations are planned to arrive when users across different locations and time zones are at work, scheduling can get complicated.
It’s one more thing to worry about, one more drain on a service provider’s time. Having to untangle time zones only adds to the headaches.
“If people aren’t on email when we send, we might miss them.”
Everyone is snowed under by emails these days. So when somebody isn’t on email for even a couple of hours, he or she may have 20 or 30 messages stacked up.
It’s easy for that person to miss a simulation—the one your service provider carefully crafted and scheduled, the one whose results are eagerly awaited. The teachable moment may have passed. If there’s no “evidence of life” on the email account, a simulation could be dead on arrival. Can you say “inefficient?”
Cofense PhishMe Responsive Delivery addresses this issue. What’s more, it adds another layer of automation to anti-phishing programs, making them more efficient. To change the game for your customers, learn more.