Phishing simulation and user awareness training

Learn how user training and simulations can help ensure your team are able to identify and respond to phishing cyber-attacks.

Anti-phishing training programs are designed to help identify and reduce employee susceptibility to phishing attacks. They have been shown to reduce successful phishing attacks and malware infections by up to 90%.

The Cyber Security Unit (CSU) has established a suite of vendor-provided phishing simulation and user awareness training resources delivered by Proofpoint, Inc.

Phishing simulation and user awareness training is underpinned by a proven four-step approach.

  • Assess—the ThreatSim® Phishing Simulation platform enables agencies to assess how susceptible their employees are to phishing and spear phishing attacks. End users who fall victim to simulated attacks are automatically presented with ‘just-in-time’ anti-phishing training and guidance which identifies the warning signs that should have been picked up by the user and offers tips to help avoid future threats.
  • Educate—security awareness training programs include targeted anti-phishing training as well as organisation-wide education. The phishing attack training approach and interactive training modules enable agencies to deliver effective cybersecurity education in a flexible, on-demand format that minimises disruption to daily work routines.
  • Reinforce—reinforcing best practices is critical to improving information retention. The PhishAlarm® email reporting tool enables employees to report a suspicious phishing email with a mouse click. The email prioritisation tool helps maximise the capabilities of PhishAlarm® and streamlines response and remediation efforts on reported emails.
  • Measure and analyse results—tracking and analysis features deliver a range of reports that provide granular insights into the results of anti-phishing campaigns and training programs. Analysis tools help to shape simulated phishing campaigns and identify users who are likely to benefit from additional education.

Using this service enables Queensland Government organisations to meet their obligations as specified under the Information security policy (IS18:2018) and improve cyber security maturity.

Business benefits

This training allows an organisation to:

  • protect against social engineering threats before they disrupt business operations
  • identify and protect against email phishing attacks that could damage their reputation
  • plan and practise responses to different types of email phishing attacks in order to develop resilience and readiness against cyber threats.

Technical capabilities

  • Send simulated phishing, SMS and USB attacks using thousands of pre-built, modified or custom-created (agency) templates.
  • Simulate link-based, attachment-based, and data-entry style attacks using features such as system click detection and random scheduling.
  • Send predefined and custom knowledge assessments on important cybersecurity and compliance topics to obtain a baseline on user security awareness knowledge.
  • Auto-enrol end users who perform inadequately on simulated attack campaigns and knowledge assessments into targeted training programs.
  • Generate reports to identify targeted users, frequency and types of phishing attacks.
  • User Awareness Training modules can be easily integrated into most Queensland Government Learning Management Systems (LMS).

All government agencies and related bodies are eligible to access this service.

| Entity Type | Eligibility | Cost |
|---|---|---|
| Queensland Government agencies | Eligible | No cost |
| Statutory bodies | Eligible | On application |
| Local Government | Eligible | Subsidised |
| Government Owned Corporation (GOC) | Eligible | Subsidised |