Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/30/2009
10:35 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

U.S. Military Academies To Use 'PhishMe'

Spear phishing tool to be used to train 22,000 Army, Navy, Air Force and Coast Guard Cadets through user awareness

New York, NY. " July 24, 2009 " Intrepidus Group, a leading provider of information security services and software, today announced that the United States Military Academy, the United States Air Force Academy, the United States Naval Academy, and the United States Coast Guard Academy are adopting PhishMe' to periodically and continuously train their 22,000 cadets to thwart spear phishing attacks.

The United States Service Academies, also known as the United States Military Academies, are federal academies for the undergraduate education and training of commissioned officers for the United States armed forces. The Service academies are committed to expand their security curriculum and preparedness training with the implementation the PhishMe software to educate and test their cadets, and conduct joint research with Intrepidus Group in the area of sophisticated phishing and whaling attacks.

The PhishMe product provides a proven mechanism for delivering effective human education in the fight against targeted phishing and whaling attacks that are used in email-based "social engineering" schemes. These schemes comprise spoofed emails claiming to be from legitimate businesses and agencies to lead users to counterfeit websites designed to trick recipients into divulging sensitive data such as usernames and passwords, or installing malicious software on their systems.

"Intrepidus Group has created an intuitive, valuable solution in PhishMe to educate users and modify behavior to significantly reduce the probability of success of phishing attacks," said Lieutenant Colonel Ron Dodge, Associate Dean, IETD, United States Military Academy. "We look forward to training our student body about this threat through first-hand experience."

The number of phishing attacks are on the rise, increasing the risk to organizations, employees, and end-users. According to a recent Phishing Activity Trends Report by the Anti Phishing Work Group (APWG), password-stealing crimeware reached an all time high of 31,173 in December, an 827 percent increase from January 2008. In addition, more than 250 corporate brands were hijacked by phishing and whaling campaigns.

PhishMe addresses these threats with an innovative mechanism for training users that are most susceptible to email-based, social engineering cyber threats that may penetrate anti-spam, or phishing filters. The software platform lets organizations establish a human firewall against these attacks by providing a user-friendly, cost-effective system for facilitating mock phishing exercises and the delivery of real-time, electronic-based training. Using PhishMe's built-in templates and WYSIWYG, (What-you-see-is-what-you-get) functionality, security professionals can easily build realistic phishing attacks, collect metrics on user behavior, and immediately present online security awareness training material to those found vulnerable to rapidly impact human behavior.

Since its launch in July 2008, PhishMe has been adopted by US government agencies and Fortune 1000 companies across multiple vertical market sectors including Financial Services, Healthcare and Defense Contracting. More than 250,000 people have been trained, using PhishMe, to identify and thwart spear phishing attacks.

"PhishMe is a proven mechanism of educating humans to impede targeted phishing attacks which can place organizations, their employees and customers at significant risk," said Rohyt Belani, CEO, Intrepidus Group and Adjunct Professor at Carnegie Mellon University. "We look forward to our engagement with the Service academies in training the military leaders of tomorrow."

About PhishMe PhishMe is a software-as-a-service (SaaS) solution designed to help prevent damage, theft and loss caused by targeted (spear) phishing attacks. PhishMe facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. This method of delivering training materials is recommended by SANS and found to be most effective by researchers at Carnegie Mellon University.

About Intrepidus Intrepidus Group is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group's consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues.

###

PhishMe.com is a registered trademark of Intrepidus Group. All other product and company names herein are or may be trademarks of their respective owners.

Intrepidus Group One Penn Plaza Suite 6180 New York, New York 10119 http://intrepidusgroup.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Human Nature vs. AI: A False Dichotomy?
John McClurg, Sr. VP & CISO, BlackBerry,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15073
PUBLISHED: 2019-11-20
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities.
CVE-2019-15072
PUBLISHED: 2019-11-20
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.
CVE-2019-15071
PUBLISHED: 2019-11-20
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail syste...
CVE-2019-6176
PUBLISHED: 2019-11-20
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
CVE-2019-6184
PUBLISHED: 2019-11-20
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.