Shira: Anti Phishing Training Platform(shira.app)

9 分 | 作者 carohadad 18小时前

3 条评论

  • echoangle 16小时前
    I don’t think that’s how phishing can be prevented. It’s very different to do the quiz compared to actually getting a phishing message pressuring you to do something. People don’t even start questioning it before they act on that.

    I think fake phishing messages over the same channel real ones would be in are the way to go.

    [-]
    • carohadad 1小时前
      hi!

      yes you are totally right that actually getting a phishing message is very different than a learning enviroment, but also we have seen that people don't have the tools to undestand what should raise suspicious (domains, wording, tactics, etc) and that's super dependant of context! For example I'm from Argentina, a phishing case targeting elders in my city might be very different than the ones targeting an investigative journalist (to try to get their info) or a business (to try to get access to their systems). And targeted phishing cases are much easier to create nowadays with ai and all the information avaible online about ourselves, our companies, etc!

      Research (and our experience) has shown that the phising simulation (the "fake phising" you describe) is not as effective: https://shira.app/phishing-quizzes

      So basically our appoaach was to create the plaforms so that trainers and educators (with our guidance) could create learning experice could create a learning enviroment tailored to the apps, level, context, language of the particular group they are working with.

      We launched the platform with a beta program and we received very possitive feedback on learners actually changing behaviour: https://blog.wearehorizontal.org/introducing-shira-2-0-end-t...

      We are trying to get even more feedback from the communtity happy to hear if this makes sense to you or any other ideas or comments !! thanks so much for commenting :)

    • turtleyacht 14小时前
      Maybe the link(s) in the phishing message go to the training site, styled for each client.
      [-]
      • carohadad 1小时前
        That's a really cool idea, 100%. Phishing simulation could work together with our learning platform (or any other learning platform) :) thank you for sharing that!
  • carohadad 18小时前
    hey! our team developed this tool that allows security trainers and teams to develop their own anti-phihing-education trainings based on their own threats, apps, context and language.

    would love to get your feedback on it :)

    We are also aunching a free-program for 10 orgs on our Enterprise plan --> https://docs.google.com/forms/d/e/1FAIpQLSc5nl1K8IQWuvoR_6PH...

    [-]
    • VoidWhisperer 17小时前
      So is the idea for Shira is that it is quizzes and other tools to teach people how not to be phished? Whereas I know some enterprise anti-phishing tooling I've seen lets IT/Security send a 'phishing email', where you are told good job if you report it and it is noted down on your employee record if you do fall for it
      [-]
      • carohadad 1小时前
        Hey! super good question, that's exactly the point!

        We (and reseach) have found that the "phishing simulation" technique has not been effective. This "IT/Security sending a phishing-email" that you describe is the standard in the industry but it does not foster a space where real education and undestanding about what should be consider suspicious (and why) can occur. We have seen people alerting each other on private channels "be careful with this email, that's the phishing, simulation!". So IT have false data and people are not actually learning much...

        Shira allows creating a controlled learning enviroment where people can learn about the phishing tactics and how to detect those in a controlled setting, with tailored explanations adapted to the org language/level/context :)

        We wrote about it here: https://shira.app/phishing-quizzes

        We launched it with a beta program some months and we have had very good feedback on effectiveness so far!

        This is a demo quiz que created, but the idea is that trainers can create their own quizzes with any content and explanations they want https://quiz.shira.app/

  • Lunchtime8644 46分钟前
    [dead]