No company is immune to phishing exploits… it’s inevitable that one of your employees will unknowingly click on a link in an email and expose your company’s network and data to threat actors who are looking for a vulnerability and can do serious damage. That will cost your company time and resources to identify and remediate – a cost that is entirely avoidable.
Phishing is a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person. Every day, we are inundated with emails that may contain malicious content and result in security breaches that wreak havoc on company networks. Training employees is key to providing a line of defense at the entry point of malicious content sent by phishing emails.
DID YOU KNOW?
- Cisco’s 2021 Cybersecurity Threat Trends report suggests that at least one person clicked a phishing link in around 86% of organizations and suggests that phishing accounts for around 90% of data
- According to a study by IBM, human error is the main cause of 95% of cyber security
- 91% of successful data breaches started with a successful spear phishing attack (KnowBe4 – 2021)
- Benchmarking performed in 2020 by KnowBe4 revealed that there were “radical drops in careless clicking after 90 days and 12 months of simulated phishing testing and security awareness training.” (Phishing by Industry 2020 Benchmarking Report)
- Average time for data breaches to be identified and contained – 287 days (2021 IBM Cost of a Data Breach Report)
- Average cost to fix a data breach – $4.24 million USD (2021 IBM Cost of a Data Breach Report)
THE HUMAN FACTOR
No matter how much you try to protect your endpoints with tools and monitoring, one thing that isn’t necessarily covered by sophisticated cyber protection tools is the human factor. Face it – more than ever, employees are super busy, multi-tasking, working from home and buried in emails, and it’s easy to click, in haste, on a link that looks innocent. How do we address this human factor? Education and awareness training is first and foremost to improve security awareness – but is it enough?
Enter KnowBe4 – provider of the world’s largest security awareness training and simulated phishing platform.
In addition to their comprehensive security awareness training platform, KnowBe4 provides an innovative and effective solution to test your employees’ security awareness through phishing simulation tests and analytics.
Some of the key features of KnowBe4’s phishing simulation program include:
- Over 12,000 email templates to send to your employees; send them as-is or customize
- The ability to customize and schedule targeted email campaigns
- Meaningful reporting to identify areas of concern (i.e. trending for individual departments, employees who have a history of clicking and categorization of their behaviors)
- Risk scores at the individual user level that management can use for training purposes
- Benchmarking data so you can compare how you rank against similar companies in your industry
EFFECTIVENESS AND RESULTS
Phishing simulation testing using real-world examples is an effective way to understand human behaviors in your company, and KnowBe4 has the data so management can act on these patterns of behavior. Once employees click on the links in the email, they are immediately notified that the email was a phishing test, and red flags in the email are highlighted to show what they should have looked at more closely to identify the phish. If used in conjunction with KnowBe4’s security awareness training platform, additional training will be recommended for the user.
Based on stats compiled by KnowBe4 from their clients, here is how effective phishing simulation testing is:
- 31% of users clicked on the link in the email after the first phishing simulation
- 16% of users clicked on the link in the email tests sent three months
- 5% of users clicked on the email tests sent twelve months later
These results demonstrate the effectiveness of testing, and after twelve months, the decline in the number of employees who clicked the link in the email is indicative of an improvement in an organization’s security culture. This will translate into an improved risk posture for your company at the last line of defense against phishing – your employees.
Reach out to us at HI Tech Hui for more information about KnowBe4 and to better understand the human factor when it comes to mitigating security breaches.