As cybercrime continues to surge, security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment. Many organisations fall into the trap of trying to use technology as the only means of defending their networks and forgetting that the power of human awareness and intervention is paramount in arriving to a highly secured state.
Every security leader faces the same conundrum: even as they increase their investment in sophisticated security orchestration, cybercrime continues to rise. Security is often presented as a race between effective technologies and clever attack methodologies. Yet there’s an overlooked layer that can radically reduce an organisation’s vulnerability: security awareness training and frequent simulated social engineering testing.
Verizon’s 2019 data breach investigation report shows that phishing remains the #1 threat action used in successful breaches linked to social engineering and malware attacks.
These criminals successfully evade an organisation’s security controls by using clever phishing and social engineering tactics that often rely on employee naivety. Emails, phone calls and other outreach methods are designed to persuade staff to take steps that provide criminals with access to company data and funds.
Each organisation’s employee susceptibility to these phishing attacks is known as their Phish-Prone™ percentage (PPP). By translating phishing risk into measurable terms, leaders can quantify their breach likelihood and adopt training that reduces their human attack surface.
Do you know how your organisation compares to your peers of similar size? Download the KnowBe4 benchmarking report to find out!
You will learn more about:
- New phishing benchmark data for 19 industries
- Understanding who’s at risk and what you can do about it
- Actionable tips to create your “human firewall”
- The value of new-school security awareness training