by Andrea Lee Taylor
Phishing remains the top human security risk. But what works to help mitigate the risk? There are proven, measurable methods. So we thought we'd share a post you might appreciate from one of our partners.
Wombat 2017 Beyond the Phish
by Gretel Egan, Marketing Brand Manager @WombatSecurity
Want industry- and category-specific data points that illustrate business implications and highlight deficiencies in end-user cybersecurity knowledge? The 2017 Beyond the Phish Report™ from our partner, Wombat Security Technologies, is now available for download.
This analysis represents more than 70 million questions asked and answered — a survey of over a thousand US and UK working adults. The report examines strengths and weaknesses related to phishing threats, but also analyzes end-user knowledge beyond the phish. Within the Beyond the Phish Report, we explore employee understanding of business-critical cybersecurity best practices such as data protection measures, mobile device security, safe social sharing, password hygiene, and more. It’s important that organizations take the opportunity to evaluate knowledge across a range of topics, as poor cyber hygiene in these areas can compound the phishing threat and weaken security postures in general.
Wombat President & CEO Joe Ferrara noted, “We continue to see in our year-over-year results that reinforcement and practice are critical to learning retention. As with any learned skill, organizations need to work on cybersecurity awareness and knowledge to see continual improvements. Organizations that focus on building a culture of security and empowering their employees to be a part of the solution develop the most sustainable and successful security awareness training programs.”
Areas of Improvement
Key areas from the 2017 Beyond the Phish analysis that revealed room for improvement include the following:
Areas of Improvement
While we can likely all agree that there is always room for improvement with regard to managing end-user risk, the 2017 Beyond the Phish Report did reveal categories and industries in which employees are improving year-over-year:
Ultimately, the 2017 Beyond the Phish Report shows the need to continuously assess and train employees about cybersecurity threats. Infosec teams cannot assume that knowledge is a constant; like any skill, cybersecurity expertise needs to develop over time, and users need the opportunity to practice and grow their abilities. An hour of training, once a year, is not the way to move the dial on behavior change, nor can any one tool serve as a silver bullet for knowledge enhancement. It is a combination of phishing tests; question-based knowledge assessments; interactive training; reinforcement techniques and tools; and gathering of metrics and business intelligence that will give your security awareness and training program the best shot at success.
As always, Wombat and Anchor Technologies remain poised to be the partners that can help you move the dial and deliver measurable behavior change within your organization.