Sophos Launches Phish Threat 2.0

Sophos has launched a new version of its Phish Threat simulator. Phish Threat 2.0 is an enterprise-class phishing simulation platform that allows businesses to run their own internal phishing campaigns to test the effectiveness of their security awareness programs and discover how susceptible their employees are to phishing threats.

Training employees to be more security aware is now an essential element of any cybersecurity strategy. Technology can be used to reduce the volume of malicious emails that are delivered to end users, but the constantly changing tactics of scammers and the sophistication of phishing attacks means sooner or later some emails will make it past spam filters and will be delivered to end users’ inboxes.

If employees are not prepared and trained how to recognize phishing threats, they will likely respond and disclose their login credentials or inadvertently install malware.

Conducting phishing simulations allows businesses to test their employees security awareness in a safe environment. When an end user fails a simulation, it can be turned into a training opportunity. By using basic and advanced phishing tests, users can be conditioned to respond correctly when a real phishing email is delivered. Instead of responding, end users can be trained to flag emails as malicious, allowing security teams to take action and remove all copies of the emails from inboxes, thus preventing costly data breaches and malware infections.  Phishing emails can be developed to test susceptibility to real world threats and campaigns can be easily scheduled to test users, departments, or the entire organization.

Phish Threat was taken from Silent Break Security, a company acquired by Sophos in November 2016. Since acquiring the company, the platform has been further refined to make conducting phishing simulations a quicker and easier process. Phish Threat 2.0 incorporates a powerful new reporting dashboard allowing reports to be generated at the organization, department, role, or individual level to gain an in depth understanding of phishing risk.

With 41% of IT teams now reporting phishing threats on a daily basis, end user training and simulations is more important than ever before.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of