Security Maturity Assessment: Email Threat Detection and Response

Take this quick and anonymous security maturity assessment to gauge how well your organization can detect and respond to phishing & BEC attacks.

How many employees are in your organization?
- Less than 500
- 500-2,500
- 2,501-5,000
- 5,000+

What email service do you use?
- On-prem email server
- Microsoft 365
- Google G-Suite
- Other

How do you keep up to date with current phishing and BEC threats? (Select all that apply)
- No formal process
- Open source (free) threat intelligence feeds
- Commercial threat intelligence feeds/reports
- Industry information sharing
- Post-incident analysis of phishing attacks

Which security methods do you use to prevent malicious emails? (Select all that apply)
- Allow and block lists
- Sender authentication (DMARC, DKIM), antivirus scanning, and sender reputation
- Message and attachment content inspection
- URL rewriting, sandbox analysis of suspicious files
- Specialized add-ons to detect targeted phishing and BEC

Which best describes your user security awareness training program? (Choose the best answer)
- Nothing in place
- Ad-hoc presentations to employees with no metrics
- Recurring training with in-house content, exam-based metrics
- Recurring training with professionally prepared materials, exam-based and simulated attack metrics
- Automated training based on role and exam performance. Detailed metrics and employee performance incorporated into HR processes
- Fully deployed and automated training, performance factored into HR process, security operations, and overall risk management

How are you detecting targeted phishing and BEC? (Select all that apply)
- Rely on end users to submit messages to IT helpdesk or Security Operations Center
- Rules-based detection configured in a secure email gateway
- External threat intelligence feeds to filter inbound threats
- Advanced real-time detection like machine learning and heuristics
- All of the above, continuously improved via analysis of False Positives & False Negatives

Which answer best describes your current incident response process for phishing and BEC? (Choose the best answer)
- No documented procedures, rely on skills and experience of individual analysts
- Documented procedures; tasks are primarily manual
- Regularly tested procedures and scripts to automate basic tasks
- Automated processes and 8x5 coverage
- Automated processes, 24x7 coverage, and threat indicators ingested by enterprise SOC

Which metrics do you use for visibility of targeted phishing and BEC? (Select all that apply)
- Number of successful attacks
- Number of malicious emails detected
- Mean time to respond, mean time to recover
- Aggregated metrics based on shared threat indicators
- Costs of incident response (salary, tools)

At which stage have you typically identified and responded to phishing attacks? (Choose the best answer)
- Not remediated until major loss or breach had occurred
- Remediated after initial loss but were able to limit the impact
- Remediated after account or device compromise, but before data or financial loss
- Remediated before user account or device was compromised
- Remediated before users clicked malicious links

How has your organization detected and responded to BEC attacks? (Choose the best answer)
- Not remediated until major loss had occurred
- Remediated after initial loss but were able to limit the impact
- Remediated after users were fooled but before any losses
- Remediated before users establish communication with the impostor
- Remediated before users responded to impostor