To many, emails are boring. It’s been a long time since they were ‘cool,’ and they’re probably the slowest form of communication in an evolving fast-paced digital world. Nevertheless, there were 215 billion emails exchanged per day in 2016, and that number is growing at 3% annually. It's clear that emails aren’t going away anytime soon—and neither are their implications for security. According to the 2017 Verizon data breach investigations report (DBIR): “43% of all data breaches happened through social attacks or through social engineering. And of those social engineering attacks, phishing constitutes 93%.” Furthermore, nobody is immune to phishing—not even security companies.
At this year’s UNITED Summit, I and several others on Rapid7’s IT and engineering teams will take our audience on a journey to explore the intricacies of conducting an internal phishing campaign. We’ll present a case study directly from the people who run internal phishing simulations at Rapid7, and we’ll talk about practical challenges and solutions when building an effective campaign. Among the questions we’ll address: How can we avoid spam filters in top email service providers like GSuite and Office365? How important is the reputation of your email to ensuring deliverability? What results did Rapid7’s security engineers see when they conducted internal phishing campaigns, and how did they change over time? And perhaps most important of all—how can you use this knowledge to improve security across your own organization?
Email might be boring, but working on ways to better understand and combat phishing is endlessly interesting. Come hear about how Rapid7 solves security challenges both inside and outside its own walls—and if you haven’t yet signed up to join us at UNITED this year, register here.