Phishing Vulnerability Assessments
Defend your organisation
Phishing awareness training
90% of breaches involve phishing - train your workforce to handle phishing attacks
Prevent loss of data, assets, reputation and money with PGI's phishing vulnerability assessments.
What is a Phishing Vulnerability Assessment?
More than 90% of cyber breaches are a result of successful phishing campaigns. These breaches can result in a loss of network functionality, degraded utilisation of hardware, and significant reputational damage. Phishing emails are responsible for threats entering networks and systems, providing intruders with a foothold to continue their attack from.
With phishing emails and the associated techniques that threat actors use becoming more sophisticated and harder to spot, PGI recommends phishing vulnerability assessments to help you minimise risk and improve your processes.
Why have a Phishing Vulnerability Assessment?
A phishing vulnerability assessment is designed to boost awareness of risk and demonstrate how all employees can help to improve cyber security in the workplace, through better recognition of potential hazards.
Take control of your business
Businesses can control the technology being used in the workplace, conducting due diligence when introducing new hardware and software. However, it is not as easy to ensure the same due diligence when it comes to employee action, with risk heightened through the use of out-of-date software, unsafe online behaviours, and by interacting with phishing emails.
Educate on common threats
Phishing campaigns can open organisations up to a range of threats, primarily malware, which includes computer viruses, spyware, rootkits, adware, keyloggers, participation in botnets, and ransomware. As an example, ransomware is a major risk, with an estimated 300,000 devices infected in the ‘WannaCry’ ransomware attack alone.
Mitigate the risk of data breach
Through email compromise, cyber threats can impact an organisation’s bottom line; in just a 12-month period, 1,500 phishing reports were logged, costing UK businesses £32.2m.
How we conduct Phishing Vulnerability Assessments
At PGI, we use a simulation approach, or ‘ethical attack’, to carry out a controlled phishing campaign over a duration agreed with the customer.
We utilise various techniques in an attempt to uncover dangerous actions taken by users, such as disclosing passwords, user information, and other confidential data held by your business. The degree of email authenticity can be tailored, showing your employees just how convincing some phishing attempts can be.
PGI will conduct a bespoke test email phishing campaign, tailored to your organisation, based on:
- Open source research
- Our knowledge of your organisation
- The latest attacks targeted at your industry
This campaign can be carried out over any period of time with multiple emails. The realism of these emails and the domain names used will vary to replicate the different abilities and skills used by attackers.
Upon failing to identify a phishing email, staff will be presented with a short educational message, such as a training video or webpage, to help them identify and mitigate that type of attack in the future.
Metrics and follow-up
PGI will monitor and report on the following metrics throughout the exercise:
- Opened phishing emails and potentially malicious links clicked/attachments downloaded.
- Geographical location of the user opening the email to identify access in non-typical locations.
- Out-of-date browsers and plugins, identifying potentially vulnerable users.
- Users who are subject to phishing emails but have failed to complete follow-up training.
- Reductions in the number of successful phishing emails.
At the end of the campaign, PGI’s security experts will generate a comprehensive report, which will provide an analysis of your current cyber risk profile.
By understanding your organisation’s security posture, you can make informed decisions on effective investment in education and technology, as well as improving your organisation’s level of security and awareness. This allows you to maximise the return on your cyber security budget, delivering demonstrable impact.
Product & pricing
Fully managed 4-week long campaign
Bespoke customised template
Why choose PGI?
PGI is a nationwide leader in phishing vulnerability assessments, offering a comprehensive, tailored assessment which not only highlights areas of risk, but also supports you and your employees as you work to build a safer, more secure work environment. We do this through a full review of the assessment findings, and by delivering relevant educational resources to your employees.
Reports suggest that only 20% of businesses offer cyber security training for their staff. It is our aim to provide you with the necessary resources to train your staff on site, at their desks as part of their normal operating routine, improving their understanding of phishing risks.
Phishing knowledge hub
It is crucial that a workforce understands how it could be targeted by phishing, as well as knowing how to prevent it from happening. Here are a few resources and products that could help keep you cautious.
NCSC'S Phishing Guide
Keep to hand the National Cyber Security Centre's new phishing guide.
Take our phishing test
Why not try out our phishing test to see if you can spot a scam email?