[Webinar On-Demand] Why Do You Need Security Awareness Training?

Hosted by Gerard Brown at NetUtils, with guest speakers Ollie Pech, Channel MSP Manager, and Javvad Malik, Security Awareness Advocate from KnowBe4 and a known blogger and YouTuber within the infosec industry.

The title of this webinar poses a critical question all organisations should be asking themselves in this ever-changing world. While a layered security infrastructure is an absolute must to protect against the growing variety of threats organisations face today, there’s a hidden threat that is often overlooked. What is this hidden danger? IT’S YOUR USERS.

The facts from NetUtils

Did you know that more than 90% of successful hacks and data breaches start with phishing scams? That’s a huge number considering the sheer volume of data breaches you hear about in the news on a daily basis.

According to the APWG Phishing Activity Trends Report for Q3 2019, phishing scams have reached their highest level in three years, a level not seen since 2016! Below is a snapshot of the stats over the past year. What makes the chart of interest is the 46% increase in phishing sites detected between Q2 and Q3 of this year, and an almost 100% increase in phishing sites detected in Q4 of 2018, this time last year. *

Phishing attacks reach the highest level in 3 years!

* APWG Phishing Activity Trends Report Q3 – 2019

8 reasons why we partner with one of the best Security Awareness Training vendors in the industry

To help our customers educate their end users and to keep security top of mind!

  1. The world’s largest integrated Security Awareness Training and Simulated Phishing platform, founded in 2010
  2. With over 28,000 customers and 9.5 million users, KnowBe4 helps organisations manage the ongoing problem of social engineering
  3. The ‘last layer’ of security is the Security Awareness layer, i.e. your human firewall, which has only really been taken into consideration over the last few years
  4. KnowBe4 have developed tremendously as a business, from a “nice to have” within organisations to a “must have”
  5. Over a thousand training modules pre-aligned to the platform, all around security awareness, including some HR modules and over 80 compliance modules
  6. A simulated phishing platform with an iterative process; train, phish and analyse, all of the time
  7. The KnowBe4 console helps organisations see where their end users are having trouble understanding security, and this is backed up with over 1000 training modules to support learning. It is not used to name and blame
  8. Assists organisations in reducing malware infections, data loss and potential cyber threats, whilst increasing user productivity

Train, phish and analyse with the KnowBe4 phishing platform

Empowering Your Human Firewall

Always remember that, as a business, you are dealing with human beings, and to do that you have to understand behaviour and how to influence it. Ultimately, the goal is to move your staff from insecure behaviours to better behavioural patterns so they can take a risk-based approach to any actions they take.

There are 3 realities of Security Awareness:

  1. Just because I’m aware doesn’t mean I care
  2. If you try to work against human nature, you will fail
  3. What your employees do is way more important than what they know

Take the book by Daniel Kahneman called Thinking, Fast & Slow. He outlines two systems of thinking. System 1, called Fast Thinking, is the way a person reacts to everyday routine; they don’t really think about their actions because this is just natural behaviour, e.g. making a cup of tea. System 2, referred to as Slow Thinking, is used to solve specific problems when necessary; it’s more complicated and requires thought.

Daniel Kahneman’s book, Thinking, Fast & Slow.

When it comes to Security Awareness in your organisation, you actually start with System 2, the Slow Thinking, to try and get people really thinking. The more you do this, the more it becomes a System 1 way of thinking. That is why continuous awareness and training is vital. The goal is to make Security Awareness a natural behaviour within your organisation, like making that cup of tea: make it a habit over time and get that way of thinking embedded into your company culture.

Your awareness program should NOT focus only on information delivery. Do you care more about what your people know or what they do?

During our webinar, Javvad shared an interesting takeaway from Dr. BJ Fogg, known in the field of ‘Behaviour Design’ for the Fogg Behavior Model.

“Behaviour happens when three things come together at the same time: Motivation, Ability, and a Prompt to do the behaviour.”

  1. Motivation – are your users sufficiently motivated to take an action
  2. Ability – do they have the ability to do that action
  3. Prompt – the nudge to get them to do that action

Take these behaviours into consideration when designing your training programs so all boxes are ticked. Get specific as to what behaviours you want to change and target them.

Here at NetUtils we partner with KnowBe4 to help our customers educate their end users and keep security top of mind. Security Awareness Training should be part of your cyber security strategy and embedded into your cultural fabric especially when human error is still one of the leading causes of data breaches today.

To help you on your way we’ve got some cool FREE tools to get you started!

  • Free Phishing Security Test – Find out what percentage of your users are Phish-prone. Get yours here.
  • Free Email Exposure Check – Find out which of your users’ emails are exposed before the bad guys do. Get yours here.
  • Free Domain Spoof Test – Find out if hackers can spoof an email address of your own domain. Get yours here.
  • Free Phish Alert Button – Your employees now have a safe way to report phishing attacks with one click. Get yours here.
  • Ransomware Simulator – Find out how vulnerable your network is against ransomware attacks. Get yours here.

KnowBe4 Report: 2019 Phishing by Industry Benchmarking

How are you doing compared to your peers of similar size?

As a security leader, you’re faced with a tough choice. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up! IT security seems to be a race between effective technology and clever attack methods. However, there’s an often overlooked security layer that can significantly reduce your organisation’s attack surface: New-school security awareness training.

The 2019 study analysed a data set of nearly nine million users across 18,000 organisations with over 20 million simulated phishing security tests. In this report, research from KnowBe4 highlights employee Phish-prone™ percentages by industry, revealing at-risk users that are susceptible to phishing or social engineering attacks. Taking it a step further, the research also reveals radical drops in careless clicking after 90 days and 12 months of new-school security awareness training.

Top 3 industries by company size.

Do you know how your organisation compares to your peers of similar size? Download your report to learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Phishing vs Spear Phishing

The Osterman Research White Paper ‘Best Practices for Implementing Security Awareness Training’ reveals a wide range of issues that concern security professionals. One of these is that more than 90% of organisations report that phishing and spear phishing attempts reaching end users during 2018 are either increasing or staying at the same levels.

While phishing and spear phishing attacks are similar, there are many key differences to be aware of.

A phishing campaign is very broad and automated, think ‘spray and pray’.

It doesn’t take a lot of skill to execute a massive phishing campaign. Most phishing attempts are after things like credit card data, usernames and passwords, etc. and are usually a one-and-done attack. 

On the other hand, spear phishing is highly targeted, going after a specific employee, company, or individuals within that company.

This approach requires advanced hacking techniques and a great amount of research on their targets. Spear phishers are after more valuable data like confidential information, business secrets, and things of that nature. That is why a more targeted approach is required; they find out who has the information they seek and go after that particular person. A spear phishing email is really just the beginning of the attack as the bad guys attempt to get access to the larger network.

Network Utilities partner with KnowBe4 to help our customers keep users on their toes with security top of mind. Effective new-school security awareness training helps reduce risk and strengthen an organisation’s human firewall.

KnowBe4 named UK’s Security and Consultancy Provider of the year

KnowBe4, the provider of the world’s largest security awareness training (SAT) and simulated phishing platform, announces it has won Network Computing’s Security Training and Consultancy Provider of the Year award.

KnowBe4’s CEO Stu Sjouwerman said, “We are very happy to win this award and are committed to the UK market. We’ve seen explosive growth with organisations recognising the need for training to improve their security culture. Additionally, we are working with UK based organisations such as Twist and Shout to continue to provide relevant and Netflix quality content.” Sjouwerman further noted, “We are also very proud of our UK team for their dedication to our customers.”

According to Verizon’s 2019 Data Breach Investigations Report, phishing was the #1 threat action used in successful breaches linked to social engineering and malware attacks.

Webinar – GDPR It’s coming, and it will impact your business

Are you confident in how to use and process your customer information in the light of GDPR?

  • Will your data processing involve the collection of new information about individuals?
  • Will your data processing compel individuals to provide information about themselves?
  • Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used?
  • Will the processing require you to contact individuals in ways which they may find intrusive?

If you answered YES to any of the above questions then you should take the time to watch our on demand webinar and find out about your obligations and how GDPR will affect you and your organisation.

Register your interest to attend our GDPR workshop – If you would like to join our GDPR workshop on the 19th April, please fill in your details below to register your interest and I will be in touch with an invitation and full agenda.

Thank you
Kara

Privacy Is a Human Right; do you understand your data obligations?

On Thursday we gathered together with clients at information security consultants Blackfoot UK’s head office in London to talk about a trending topic in the IT world today.

Data and Cyber Security Matters in a Post Brexit World.

David Silsby, our Sales Director, welcomed us on this very chilly morning, reiterating the Network Utilities ethos of “Identity should be at the heart of everything we do; the identity of the individual and the device is key! Remembering Who is on your network, What they are trying to access and How is critical to ensuring your network remains secure, fast and compliant.”

Next up was Matthew Tyler, CEO of Blackfoot UK and our keynote speaker for the day, who gave us a time hop into the past where we learned some interesting facts. The European Convention on Human Rights (ECHR) came into effect in 1953 and is an international treaty to protect human rights. The definition of privacy in Article 8 states “A right for one’s ‘private and family life, his home and correspondence’ to be free from unlawful searches”. In the UK, human rights are protected by the Human Rights Act 1998. Matthew went on to explain how the internet has changed the economics of data and contributed to the erosion of privacy; he also detailed current privacy laws and how Brexit will change the future. Below are the 8 principles of the Data Protection Act, which govern the use of personal information and with which we must comply unless an exemption applies. The principles state that data must be:

  • Used fairly and lawfully
  • Used for limited, specifically stated purposes
  • Used in a way that is adequate, relevant and not excessive
  • Accurate
  • Kept for no longer than is absolutely necessary
  • Handled according to people’s data protection rights
  • Kept safe and secure
  • Not transferred outside the UK without adequate protection

Data is an extremely powerful tool in today’s business world. Knowing your customer well can create a tailor made customer experience. The future of business intelligence is evolving and we will soon start to see new services and businesses arise to help us harness the power of this business intelligence.

Protecting your customer’s data has never been more critical

The cost of a data breach can have a huge impact on you and your business, including bankruptcy, reputational damage, legal implications and of course loss of data. You need to have the appropriate security in place depending on the value of the data you hold, e.g. credit card details or email addresses. Do you know the value of your data? Do your staff know what risky looks like? And are they fully trained and aware of the implications of clicking on malicious links, for example? Research tells us you are only as strong as your weakest link, and that in most cases is your staff.

This brings me onto 5 key questions posed by Matthew around what you need to be asking yourself and your business to truly understand the type of data your business holds.

  1. Do we know what data we have?
  2. Do we understand its potential value and the associated risk?
  3. Do we know who could want our data (for good or bad)?
  4. Do we understand where our data is and who can access it?
  5. Do we know what protection our data needs?

The cost of a data breach

* IBM Security 2016 – Cost of a Data Breach Study

If you would like to know more about European regulations and what’s changing in the UK, how to keep your customers’ data safe and the implications of personal data being lost or misused, then you can download Protecting Data and Privacy to get a full overview. Remember you are only as strong as your weakest link!

Will the defenders ever be faster than the attackers?

Our Principal Technology Strategist, Malcolm Orekoya, shared his research on the current threat landscape. Did you know that 89% of breaches had a financial or espionage motive?

In order for us to understand cyber security we need to understand the cyber-crime world. These attackers have the same technology advancements that we do and they are always one step ahead. The resources are available for anyone online and you can even pay for “cyber-crime” support. Organised crime is evolving quickly due to underground criminal networks and the so-called dark web. The tools are getting smarter and, depending on what these criminals are after, they will attack in different ways.

“Analysis of known bad malware found that the 91.3% of that malware uses the Domain Name Service (DNS) to carry out campaigns.” Cisco Annual Security Report 2016

There has been an explosion in ransomware and exploit kits are sophisticated. “The Angler exploit kit is one of the largest and most effective exploit kits on the market. It has been linked to several high-profile malvertising (malicious advertising) and ransomware campaigns. And it has been a major factor in the overall explosion of ransomware.” Cisco Annual Security Report 2016

“33% of the malware observed in 2016 research used encryption.” Trustwave Global Security Report 2016

Most legacy platforms cannot see encrypted traffic, so there is a loss of visibility. Malicious users are aware of this weakness and exploit the lack of visibility to insert their malware into your network. It’s crucial for you to have network visibility in order to be able to effectively apply security policies.

Education

People are your best network defence, but only if they are educated to understand the risks. We advocate creating a data security awareness culture. The one constant factor that exists in all layers of security is the human element. The idea here is to educate people on common threats and their various guises, test their understanding and responses to this education over time, review the results of such tests and then repeat the entire cycle periodically. You can read Malcolm’s full blog, Stop Phishing Attacks – Harness the Power of Your Human Sensor Network, here.

It’s not if; it’s when!

You need to collaborate to stay ahead of the trends and the cyber security landscape. Think ahead to prevent future attacks. Think of the cost and rewards of investing in your network security vs the risk of not doing so. Ask yourself, can you afford to lose it all when you do get attacked?

SC Magazine recently ran a survey of 900 business and IT decision makers across the UK: EU GDPR – nine out of ten don’t understand it. A staggering 91% of respondents have concerns about their organisation’s ability to comply with GDPR. This regulation will come into effect in 2018 and the penalties will be high. That might seem like a long way away, but it’s just around the corner and you’ll need to be prepared.

Talk to specialists who are confident about compliance and threat prevention. Talk to Network Utilities.

Upcoming events:

We will be hosting another webinar on the 22nd February 2017. To find out more on your obligations and how GDPR will affect you and your organisation join our webinar with information risk, security and compliance specialists Blackfoot. You can register here.

t: 020 8783 3800 e: sales@netutils.com

About Network Utilities
Identity Centric Networks & Security

Network Utilities (Systems) Ltd have been providing identity centric network and security solutions to organisations ranging from Telecoms and ISPs to large corporates and SMEs for over twenty-three years, partnering closely with both industry leading and niche technology vendors to bring customers the best solutions the industry has to offer. Read more at www.netutils.com.