City, University of London is using phishing defence products against email-based cyber attacks. The university will deploy PhishMe software: PhishMe Simulator, PhishMe Triage and PhishMe Reporter over three years. Large and regularly changing populations of students and staff with many different endpoints are enough to tempt cybercriminals wanting to get their hands on intellectual property, the cyber firm says. City engaged PhishMe in mid-2017, who ran a scenario during the annual freshers’ week to provide an indication of how susceptible the new students could be to phishing attacks. The results from the initial simulation showed a concerning susceptibility rate which was enough to convince the university that it needed help in conditioning IT users to be more effective at identifying, reporting and mitigating phishing threats. PhishMe’s analytical data and one-touch reporting mechanism has been integrated into the university’s incident management system.
Claire Priestley, director of Information Technology at City says: “Today, improving the security posture of the organisation can be found in the top two items of almost every CIO and CISO’s agendas. When we launched the latest Information Security Strategy last year, PhishMe was an easy choice to augment our underpinning programme of information security initiatives. Our user community numbers at least 20,000 at any given time. The rapid growth in ransomware contained in phishing emails across all sectors last year necessitated a solution that would help us quickly and effectively build awareness, provide targeted training solutions and offer a one-touch reporting mechanism that integrated easily with our incident management system.”
And Rohyt Belani, CEO and co-founder, PhishMe says: “With access to cutting-edge research and users who have a high degree of susceptibility to phishing tactics, universities present a lucrative target for threat actors. For staff, a constant stream of new students can make it difficult to pinpoint suspicious emails, while students are often not fully incorporated into the organisational infrastructure and will not have had basic awareness training which might have raised resilience to phishing attacks. Employing human-focused conditioning techniques is therefore an effective approach for educational institutions such as City, University of London, looking to dramatically improve detection and responses to potential security threats.”
For the university, the ability for users to report threats in real-time is as important to incident response. Claire Priestley added: “Rapid reporting and identification means we can deliver a faster response, and the additional analytics provide invaluable data to help further develop our security intelligence and target our training support to the users that need it most, at the optimum times.”
