Phishing employees consists of sending simulated phishing attacks to all members or selected groups of an organization, with the goal of establishing the percentage of employees who will click on phishing links. Once that percentage is established, a Security Awareness Program can be deployed with the express goal of getting the percentage of phish-prone employees as low as possible, ideally to zero. Phishing employees is usually done by the IT group of that same organization, or by its Security Team. Sometimes the project is done by third parties under contract to the organization.
Phishing employees is a tactic that is becoming popular at the time of this writing (Early 2012), as cyber criminals are increasingly deploying sophisticated spear-phishing attacks that are very difficult to defend against. Employees turn out to be the weakest link in IT security, and cyber crime is exploiting this vulnerability to the fullest.
Organizations that need to comply with Government or Industry regulations (e.g. GLBA, PCI DSS, HIPAA, Sarbanes-Oxley) normally require formal Security Awareness Training for all employees, usually once or twice a year. However, as is known, Compliance and Security are not the same thing. Many of the companies that were hacked in the last two years were compliant and did pass an audit. Similarly, a once-a-year phishing refresher course (similar to Sexual Harassment Training) is insufficient when employees are frequently exposed to sophisticated phishing attacks.
Many Small and Medium Enterprises (SMEs) do not require formal Security Awareness Training for regulatory compliance, but train their employees to prevent phishing security breaches, and find that phishing their own employees with simulated attacks is a very effective tactic to keep security top of mind, and the employees on their toes regarding email security.
There are four ways to phish your own employees, depending on your Buy / Build determination.
*Build your own from the ground up. Recommended for large organizations with a dedicated security team, who can spend the time to build and maintain such a setup. In summary: Raise a temporary webserver, and ‘roll your own’ phishing site. Then create your own phishing email that should lure your users to your fake site, using what you know about Social Engineering. Work out how the tracking and reporting works, and code that. Next, send the email to all users using a mail server that allows you to spoof the 'From:' address. Then keep track, and report to the relevant managers. If you know what you are doing, this is a few days' work. There is some help from the open source arena though. The Simple Phishing Toolkit (link below) makes this option easier to get done. Brian Krebs has a good article about it.
*Engage an outside security consultant to come in and do all the above as part of a ‘mini PEN test’. From a cost perspective you are looking at roughly 40 hours at an average security-consultant rate of $250 an hour. If you can get the budget for that, this is an attractive option, but remember this is a one-shot project.
*There are companies that sell automated solutions to phish your employees. Two of the best known are Phishme and Wombat Security. Both started around 7 years ago, and are set up to have users fill out forms on simulated phishing sites. This makes the project easier and saves time. There is a cost involved; however, you work with professionals and you get support, which is a plus. Both companies have minimum fees that might be out of your budget. Contact them at the external links below.
*Work with a third party company that has the process fully automated: 1) Initial phishing test to determine phish-prone percentages, 2) online on-demand Security Awareness Training, 3) Regular simulated employee phishing attacks with remediation and reporting. KnowBe4 is an example of a company that does this. External link below.
The goal of regularly phishing employees is to achieve an immediate and lasting change in the behavior of employees towards Internet Security, making it clear that Security Policies / Acceptable Use Policies are vital for the survival of the organization, and are not rules that restrict the employee from being efficient at work. When an employee fails a simulated phishing attack, this should not be made public; it should be taken up with them by their supervisor and/or Human Resources.
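The measurement this article centres on, the phish-prone percentage, is sketched below as an added example that is not part of the original article or of any vendor's product. The log format, user IDs, department names and data are all constructed assumptions. It counts each recipient at most once, ignores clicks from addresses that were never on the recipient list, and reports only per-group percentages so that no individual is named.

```python
from collections import defaultdict

# Constructed sample data: who was sent each simulated campaign (user -> department).
RECIPIENTS = {
    "baseline": {"u1": "Finance", "u2": "Finance", "u3": "Sales", "u4": "Sales", "u5": "Sales"},
    "followup": {"u1": "Finance", "u2": "Finance", "u3": "Sales", "u4": "Sales", "u5": "Sales"},
}

# Constructed click log, one event per line: campaign,user,timestamp
CLICK_LOG = """\
baseline,u1,2012-02-01T09:02
baseline,u1,2012-02-01T09:03
baseline,u3,2012-02-01T09:10
baseline,u4,2012-02-01T11:45
baseline,u9,2012-02-01T12:00
followup,u3,2012-05-01T08:30
"""


def phish_prone(recipients, click_log):
    """Return {campaign: {group: percent clicked}}; "ALL" is the organization-wide figure."""
    clicked = defaultdict(set)
    for line in click_log.splitlines():
        if not line.strip():
            continue
        campaign, user, _timestamp = line.split(",", 2)
        # Only count users the campaign was actually sent to (u9 above is
        # not a recipient, e.g. a forwarded mail), and count each user once.
        if user in recipients.get(campaign, {}):
            clicked[campaign].add(user)

    report = {}
    for campaign, users in recipients.items():
        sent, hit = defaultdict(int), defaultdict(int)
        for user, dept in users.items():
            for group in (dept, "ALL"):  # assumes no department is literally named "ALL"
                sent[group] += 1
                if user in clicked[campaign]:
                    hit[group] += 1
        # Percentages only: the report carries no user identifiers.
        report[campaign] = {g: round(100.0 * hit[g] / sent[g], 1) for g in sent}
    return report


if __name__ == "__main__":
    for campaign, groups in phish_prone(RECIPIENTS, CLICK_LOG).items():
        print(campaign, groups)
```

Comparing the "ALL" figure of the initial test with that of later campaigns shows whether training is moving the percentage toward zero.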
HyeFighters is dedicated to promoting and highlighting the careers of Armenian combat sports athletes in the professional fields of Boxing, MMA (Mixed Martial Arts) and Muay Thai & Kickboxing.
HyeFighters was established in July 2007 by Araz Araradian.
Purpose of Existence
This is the first federation of Armenian combat sports fighters. The HyeFighters organization was created to provide young Armenian fighters an association to assist them in their careers in combat sports. Year after year, more Armenian fighters around the world are discovered through the HyeFighters organization.
Fighter List
MMA
Manny Gamburyan
Gegard Mousasi
Sako Chvitchyan
Andy Dermenjyan
Karen Darabedyan
Gor Harutunian
Sevak Magakian
Roman Mitichyan
Jared Papazian
Karo Parisyan
Georgi Karakhanyan
Boxing
Vanes Martirosyan
Vic Darchinyan
Arthur Abraham
Art Hovhannisyan
Khoren Gevor
Susi Kentikian
David Lemieux
Karo Murat
Sasha Yengoyan
William Abelyan
Muay Thai and Kickboxing
Levon Akopyan
Gago Drago
Vardan Mnatsakanyan
Giorgio Petrosyan
Edmond Tarverdyan
Shawn Yacoubian
Harut Grigorian
Marat Grigorian
Sahak Parparyan
Armen Petrosyan
The HyeFighters Show
The HyeFighters Show launched in June 2011. The first episode of the HyeFighters show was shot at Glendale Fighting Club in Glendale, CA. The first episode of The Hyefighters Show features interviews with: Vanes Martirosyan, Roman Mitichyan, Gegard Mousasi and more.
Scott E. McDowell, also known as Elevated Scott, is the CEO and founder of Elevated Entertainment Solutions, LLC. McDowell is the founder of the digital-only released music compilation album series, Global Attack MixTapes Series and the international hip-hop news site, International-HipHop.com.
Early years
Scott started his career in advertising, working with companies such as Examiner News, The Baltimore Guide, Creative Loafing, and CBS Sports Radio. Scott left his job with CBS in order to become an entertainment agent and consultant. As an agent or consultant, he worked with artists like Colby O'Donis, Ya Boy, Courtis Young, Dj Rocky Rock, T Lopez, Bonnie Pointer, and Suga Bang Bang.
Global Attack Mixtapes
In 2011, Elevated Entertainment Solutions released the digital compilation albums Global Attack Mixtape Volumes 1 and 2. The series features various artists from around the world such as Lazee, J-Son, Harlem 6, Treach, Styles P, Jadakiss, and Gucci Mane. The official blog site for Global Attack Mixtapes, International-HipHop.com, has received mention on "Tapwire" and "This Week in Music".
UFC on Fuel TV 4 is an upcoming mixed martial arts event to be held by Ultimate Fighting Championship. While not officially announced by the organization, it is expected to take place on July 11, 2012 at HP Pavilion in San Jose, California.
Background
Bouts in the works include:
*James Te-Huna vs. Brandon Vera
*Aaron Simpson vs. Jon Fitch
*Dan Stittgen vs. Marcelo Guimarães
*Nick Penner vs. Tom DeBlass
*Rafael Natal vs. Andrew Craig
*Danny Martinez vs. Nate Williams
*Darrell Montague vs. Phil Harris
Official bouts
*Middleweight bout: Mark Muñoz vs. Chris Weidman
*Bantamweight bout: Raphael Assunção vs. Issei Tamura
*Bantamweight bout: T.J. Dillashaw vs. Vaughan Lee
*Flyweight bout: Chris Cariaso vs. Josh Ferguson