Wombat updates service that lets you defensively phish your own employees

Rather than provide security alerts when suspicious messages arrive in employee inboxes, Pennsylvania-based Wombat Security Technologies trains employees by actively trying to phish them.

Tuesday, Wombat announced the second version of its PhishGuru anti-phishing training service now extends to mobile devices including iOS and Android-based devices.

PhishGuru is a software-as-a-service that lets administrators create fake phishing emails and malicious attachments or sites, and provides statistics to see who fell for them, and what type of devices and browsers they were using.

"PhishGuru's approach is unique, taking advantage of the teachable moment that occurs when an employee believes they fell for an attack," said Joe Ferrara, President and CEO of Wombat Security Technologies. "We provide immediate training at that moment when users are most receptive to learning. We also have accounts where over 95% of users that fell for a mock attack voluntarily took additional training when given the opportunity."

Wombat's announcement on Tuesday comes less than a week after the National Institute of Standards and Technology (NIST) debuted the first draft of its National Initiative for Cybersecurity Education (NICE) in the workforce.

The three main goals of NICE are to raise American awareness of security risks online, to broaden the pool of skilled workers who are "capable of supporting a cyber-secure nation," and to develop a workforce that is globally competitive in cybersecurity.

"Our nation is at risk. The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity. Now is the time to begin a coordinated national initiative focused on cybersecurity awareness, education, training, and professional development. The United States must encourage cybersecurity competence across the nation and build an agile, highly skilled workforce capable of responding to a dynamic and rapidly developing array of threats," the NIST plan says.