What is the Targeted Attack Email Training Service?
The Targeted Attack Email Training Service is a training service for dealing with targeted attack emails, which are an advanced and sophisticated cyberattack targeting a specific corporation or organization.
The attacker starts by collecting information about the target corporation, organization, and affiliated employees. Then, the attacker impersonates employees, related organizations, or outside parties making inquiries, and uses various methods to send emails for malware infection. If even one computer in an organization becomes infected with malware, the attacker collects information on that computer and network. The attacker then uses the information to access servers and databases in the organization, or to repeatedly spread the infection to other computers with the aim of gaining unauthorized access. In the event that important administrator authority, etc., is stolen and device control authority within the organization is taken by an attacker, it is possible that the attacker will continue to conduct unauthorized observation of the organization and to exploit information.
The Targeted Attack Email Training Service trains personnel to understand important points for identifying suspicious emails and the internal reporting flow. This will prepare you in case you receive a targeted attack email. Holding continuous training will reduce the risk of unauthorized access to internal systems by targeted attacks, and will raise the security awareness of trainees.
The attacker starts by collecting information about the target corporation, organization, and affiliated employees. Then, the attacker impersonates employees, related organizations, or outside parties making inquiries, and sends emails for virus infection while repeatedly changing the method of sending.
If even one device in an organization becomes infected with a virus, the attacker collects information on that device and network. The attacker then uses the information to access servers and databases, or to repeatedly spread the infection to other devices with the aim of gaining unauthorized access.
Eventually, the attacker will acquire administrator authority, control multiple devices in the organization, and then continuously observe the organization for the purpose of stealing information.
In IPA’s “10 Major Security Threats 2020,” the top threat to companies and organizations was “Confidential Information Theft by APT (Advanced Persistent Threats),” and the third-ranked threat was “Financial Loss by Business E-mail Compromise.”
Source: 10 Major Security Threats 2020 (IPA)
Additionally, the Cybersecurity Management Guidelines also describe “targeted attack email training” and recommend that corporations hold training for their employees.
Source: Cybersecurity Management Guidelines 2.0 (Ministry of Economy, Trade and Industry)
- A pseudo targeted attack email is sent to the user for training purposes. If the user opens an attached file or link, the pseudo attack is revealed on the training site. By notifying the user of the risk and conducting a follow-up questionnaire, the training raises the security awareness of employees immediately after implementing the service.
- Educational courses can be held by security specialists during training and after training.
- Log aggregation results and training implementation reports based on the results of the questionnaire are also provided. This information can be used for future security measures.
- The service can be customized according to the customer’s environment and situation.
The service will solve problems such as the following.
- I am unable to identify suspicious emails.
- I don’t know the initial response to be taken when attacked. Or, I want to confirm the capability of responding according to rules.
- I want to raise awareness toward targeted attack emails and other forms of cyberattacks.
- A pseudo targeted attack email is sent to the specified email addresses. The status of opening URL links and attachments by recipients is aggregated.
- Security awareness is heightened by creating awareness of risks and conducting a follow-up survey.
- Educational courses are held by security specialists (optional).
- Log collection results and training implementation reports are provided based on questionnaire results.
- We are capable of customized proposals to fit the customer’s needs and budget.
Please feel free to contact us to receive a quote for each service.