Staff training one of the ways to reduce companies’ cyberattack risk
ANNA COLLARD: Enterprises should include training to reduce the cybersecurity risks from attacks on employees
People remain one of the key weak links in cybersecurity defence, but training them and testing their propensity to fall for phishing attacks delivered by email, social media messages or WhatsApp can significantly reduce the risks of cyberattacks against companies, says cybersecurity training firm KnowBe4 MD Anna Collard.
Phishing attacks are one of the most frequently used vectors of attack that lead to cybersecurity breaches. More than 32% of breaches are linked to successful phishing attacks, followed by credential theft, according to telecommunications multinational Verizon’s ‘Data Breach Report 2019’.
Measuring the cybersecurity awareness and propensity of personnel to fall victim to cyberattacks enables a company to quantify its risks and take steps to lower them, explains Collard.
KnowBe4 provides cybersecurity training from basic to executive level. It captures all the information from training participation and phishing simulation testing to identify the propensity of employees to fall victim to phishing and scam emails, and thereby manage the risks.
“Given the amount of resources companies are allocating to cybersecurity, proportional resources should also be allocated to secure the most vulnerable elements of your network, which are your people. However, there should also be a quantifiable baseline and improvement to determine the efficacy of the training.”
The company uses gamified and story-based training content and exercises to equip personnel with knowledge about cyberrisks and common attack strategies, as well as best practices to follow in the event of a possible attack, such as delaying a process and seeking confirmation of the veracity of an instruction, says Collard.
Simulation exercises and mock phishing attacks are used to determine the susceptibility of personnel to fall for phishing and fraudulent emails and communications, which is called a ‘phish-prone’ rate.
“KnowBe4 has the statistics from more than nine-million people we have trained, and has demonstrated that awareness and training can reduce the average propensity of personnel to fall victim to such attacks from about 30% to below 5%.”
Stealing credentials is one of the easiest ways for cybercriminals to break into cloud systems and services, and requires only an attack on employees, not on well-protected information technology (IT) systems. Cybersecurity training, together with phishing and attack simulations and tests, helps to reduce credential theft, not only by making users more aware of the threat through training but also by exposing them to mock versions of these kinds of attacks.
The KnowBe4 training also includes the client’s IT and security teams, which helps to spread awareness of the roles of IT in cybersecurity and establishes channels for employees to report suspicious emails or attachments to the IT department or to check whether a link is malicious.
“We also add a reporting button to the client’s email platform, which enables employees to check or report a suspicious email easily.”
Further, the company’s training is based on rigorous psychological foundations and adheres to training and change management best practices, including establishing a baseline among a client’s employees and monitoring training progress and effectiveness.
After training, KnowBe4, which works closely with its clients’ human resources departments, also provides material, tests and simulations that are used for further training and testing.
KnowBe4’s reporting provides visibility of the efficacy of training. It has been able to reduce an average phish-prone rate from about 30% to 15% within 90 days and to below 5% within 12 months.
“Our role is to address the human in cybersecurity, which makes cybersecurity measures more effective, and makes companies’ cybersecurity policies known and effective. Training also establishes cybersecurity best practice, including awareness and reporting phishing to IT security.”