This webinar was hosted by Gerard Brown at NetUtils, joined by guest speakers Ollie Pech, Channel MSP Manager, and Javvad Malik, Security Awareness Advocate from KnowBe4 and a known blogger and YouTuber within the infosec industry.
The title of this webinar poses a critical question all organisations should be asking themselves in this ever-changing world. While a layered security infrastructure is an absolute must to protect against the growing variety of threats organisations face today, there’s a hidden threat that is often overlooked. What is this hidden danger? IT’S YOUR USERS.
The facts from NetUtils
Did you know that more than 90% of successful hacks and data breaches start with phishing scams? That’s a huge number considering the sheer volume of data breaches you hear about in the news on a daily basis.
According to the APWG Phishing Activity Trends Report for Q3 2019, phishing scams have reached their highest level in three years, a level not seen since 2016! Below is a snapshot of the stats over the past year. What makes the chart of interest is the 46% increase of phishing sites detected between Q2 and Q3 of this year, and an almost 100% increase in phishing sites detected in Q4 of 2018, this time last year. *
* APWG Phishing Activity Trends Report Q3 – 2019
8 reasons why we partner with one of the best Security Awareness Training vendors in the industry
To help our customers educate their end users and to keep security top of mind!
- The world’s largest integrated Security Awareness Training and Simulated Phishing platform, founded in 2010
- With over 28,000 customers and 9.5 million users, KnowBe4 helps organisations manage the ongoing problem of social engineering
- The ‘last layer’ of security is the Security Awareness layer, i.e. your human firewall, which has only really been taken into consideration over the last few years
- KnowBe4 have developed tremendously as a business, from a “nice to have” within organisations to a “must have”
- Over a thousand training modules pre-aligned to the platform, all centred on security awareness, including some HR modules and over 80 compliance modules
- A simulated phishing platform with an iterative process: train, phish and analyse, all of the time
- The KnowBe4 console helps organisations see where their end users are having trouble understanding security, backed up with over 1000 training modules to support learning. It is not used to name and blame
- Assists organisations in reducing malware infections, data loss and potential cyber threats, whilst increasing user productivity
Empowering Your Human Firewall
Always remember that as a business you are dealing with human beings, and to do that you have to understand behaviour and how to influence it. Ultimately, the goal is to move your staff from insecure behaviours to better behavioural patterns so they can take a risk-based approach to any actions they take.
There are 3 realities of Security Awareness:
- Just because I’m aware doesn’t mean I care
- If you try to work against human nature, you will fail
- What your employees do is way more important than what they know
Take the book Thinking, Fast and Slow by Daniel Kahneman, which outlines two systems of thinking. System 1, called Fast Thinking, is the way a person reacts to everyday routine: they don’t really think about the actions because this is just natural behaviour, e.g. making a cup of tea. System 2, referred to as Slow Thinking, is used to solve specific problems when necessary; it’s more complicated and requires thought.
When it comes to Security Awareness and your organisation, you actually start with System 2, the Slow Thinking, to try and get people really thinking. The more you do this, the more it becomes a System 1 way of thinking. That is why continuous awareness and training are vital. The goal is to make Security Awareness a natural behaviour within your organisation, like making that cup of tea: make it a habit over time and get that way of thinking embedded into your company culture.
Your awareness program should NOT focus only on information delivery. Do you care more about what your people know or what they do?
During our webinar, Javvad shared an interesting takeaway from Dr. BJ Fogg, known for his work in the field of ‘Behaviour Design’ and the Fogg Behavior Model.
“Behaviour happens when three things come together at the same time: Motivation, Ability, and a Prompt to do the behaviour.”
- Motivation – are your users sufficiently motivated to take an action
- Ability – do they have the ability to do that action
- Prompt – the nudge to get them to do that action
Take these behaviours into consideration when designing your training programs so all boxes are ticked. Get specific as to what behaviours you want to change and target them.
Here at NetUtils we partner with KnowBe4 to help our customers educate their end users and keep security top of mind. Security Awareness Training should be part of your cyber security strategy and embedded into your cultural fabric, especially when human error is still one of the leading causes of data breaches today.
To help you on your way we’ve got some cool FREE tools to get you started!
- Free Phishing Security Test – Find out what percentage of your users are Phish-prone. Get yours here.
- Free Email Exposure Check – Find out which of your users’ emails are exposed before the bad guys do. Get yours here.
- Free Domain Spoof Test – Find out if hackers can spoof an email address of your own domain. Get yours here.
- Free Phish Alert Button – Your employees now have a safe way to report phishing attacks with one click. Get yours here.
- Ransomware Simulator – Find out how vulnerable your network is against ransomware attacks. Get yours here.