Creating the Human Firewall

At the core of all modern business operations are three key elements: People, Processes and Technology. In the case of cyber security, people have always been the weak link.

While technologies such as Anti-Virus, Anti-Malware and Firewall’s play an essential role in securing modern-day digital devices and networks, they are by no means perfect. Such technologies only provide coverage against those Cyber Attacks which are already known to Anti-Virus and Anti-Malware software vendors (AV Comparatives, 2017; Wall Street Journal, 2014).

With the advent of Executable Compression, Code Obfuscation and Polymorphic/Metamorphic Malware, Cyber Criminals now have the ability to easily produce Malware that avoids detection by market leading Anti-Virus and Anti-Malware software. As a result of this, Cyber Criminals are now in a position whereby they can use custom-built Malware for each individual attack that they carry out (therefore drastically increasing the likelihood of a successful attack)

Research has shown that Spam/Phishing filtering software only has a success rate of 93%.

Given the sheer quantity of phishing e-mails in circulation at present, this gap of 7% ensures that a significant amount of phishing e-mails end up in the inbox along with legitimate e-mail – and this is where the danger lies.

• 1 in every 1,846 e-mails sent globally is a phishing e-mail; however certain business sectors, company sizes and employees are targeted more often than others: companies ranging in size 1 – 1000 employees are 50% more likely to be the target of a cyber attack via phishing in comparison to larger companies (with companies in the 251 – 500 range twice as likely to be the victim of a phishing attack in comparison to the 1 – 250 and 501 – 1000 ranges respectively)

• In terms of industry, the retail sector is almost twice as likely to be the victim of a phishing attack in comparison to other sectors.

• While in terms of employees, staff in the areas of HR, Payroll and Finance are targeted in 96% of advanced Phishing Attacks.

The Cyber Security Threat from Users

From our experience, we see that users are seldom doing something that they consciously know is a risk to security. Most of the time, if they do something dangerous it is out of naivety and an innocent mistake. However, sometimes there are users who are oblivious to the fact that they have been hacked or compromised with malware, but others are unfortunately doing something deliberately to be malicious and these are often people who are about to leave the business on bad terms – so called “rogue employees”.

Here’s a graphical view:

Managed Security Awareness Training – Features

• Gamified, highly interactive and enjoyable security awareness training
• Recreate any phishing attack including ransomware, BEC, wire fraud, CEO fraud.
• Phishing tests with links, attachments and fake log-in pages
• Simulate phishing attacks impersonating internal email addresses.
• Avoid users tipping each other off using burst mode which sends multiple templates in one campaign.
• Every user interaction fully recorded for reporting.
• Identify repeat offenders, high-risk departments or locations.
• Identify geo-location, operating system and browser edition.

• SCORM compliant, LMS compatible

• Never lasts more than 8 – 10 minutes.

• Useful at home and in the workplace

Our advanced real time intervention service, acts in real time to assist users and prevent them creating a security risk.

• Train employees in their exact moment of need i.e. when they take a risk and don’t even realise it.
• Automatically send training content, policy reminders, data regulations and compliance standards to staff when they engage in risky cyber behaviours.
• Send relevant snippet from a company policy document tied to the specific user activity.
• Maximize ROI on your technical defences.
• Reduce admin overhead by delivering repeatable and consistent training content