Mimecast unveils SAFE Phish for phish testing and training

Known as SAFE Phish, it aims to let security teams create training exercises using real-life, de-weaponised campaigns that target their organisations and employees. Training results are engineered to be incorporated into the Mimecast SAFE ScoreTM dashboard, which is designed to aggregate data to gauge a company’s security posture. Organisations have an opportunity to re-define the way overall risk is measured as a result.

“Replicating genuine phishing attacks for training purposes has historically been challenging,” said Michael Madon, senior vice-president and general manager of Mimecast Security Awareness Products. 

“With SAFE Phish technology, end-users can safely be exposed to real-life, de-weaponised phishing attacks to make training more effective and provide a data-driven picture of which employees are most at risk.”

SAFE Phish results act as a security feed, data from phish testing can be incorporated into the Mimecast SAFE ScoreTM dashboard, which is designed to calculate individual user risk using four factors – engagement, knowledge, sentiment and bad URL clicks. 

Mandy McKenzie, director of product management for Mimecast Awareness Training, commented, “Security teams can get a more complete view of risk at both the individual and organisational level and also benchmark their performance against peers in their industries or geographical regions. Using that information, they can take a more proactive approach to addressing potential issues, from applying new security controls or assigning additional training to their riskiest users.”

Combating phishing and impersonation attacks

According to recent research from Mimecast, almost 60 per cent of 1,025 IT decision makers said they saw an increase in phishing (58 per cent) and impersonation attacks (60 per cent) over the last year. The uptick of COVID-19-related phishing campaigns also highlights the fact that threat actors are looking for new opportunities to target victims with relevant topics.