Security Awareness Training: User Education

Phishing, spearphishing, CEO Fraud/Business Email Compromise (BEC) and ransomware represent a group of critical security threats that virtually every organization will encounter at some point – and most already have.

While phishing actually started in the 90’s, it became a much more serious problem in the mid-2000s. The logical evolutions of phishing – spearphishing (targeted against a group, a company or individuals within that company) and CEO Fraud/BEC (which targets senior executives within a single company) – are increasing rapidly and costing organizations hundreds of millions of dollars each year. Add to this the fact that ransomware is reaching epidemic proportions and increasing at an even faster pace, growing from an impact of “just” $24 million in 2015 to approximately $1 billion in 2016 and $8 billion in 2018.

Security Awareness Training

Fundamentally, security awareness training is really more about security behavior training:

The goal is to provide information to employees that will help them to be more informed about security threats, more skeptical about what they receive in email or through other channels, and less likely to commit damaging behaviors like clicking on malicious links in email, oversharing on social media, or believing requests delivered through electronic channels without first verifying them.

Most organizations have been victimized

65% of organizations have been the victim of various types of security threats, most notably phishing attacks that were successful in delivering malware, targeted email attacks and data breaches.

Phishing and spearphishing are on the increase

More than 90% of organizations report that phishing and spearphishing attempts reaching end users over the past 12 months are either increasing or staying at the same levels.

Most users are not adequately equipped to deal with phishing and spearphishing

Security professionals lack confidence in their end users’ ability to deal with phishing and spearphishing, and also in the level of training that they receive on these two threats. For example, on a scale of 0 (not confident at all) to 100 (very confident), security professionals gave employees in their company a rather mediocre confidence rating of 64 when asked if these employees were well-trained to deal with phishing. Security professionals gave the same confidence score when asked about senior executives’ likelihood of clicking on a spearphishing link, but have even less confidence when asked about employees clicking on phishing links.

If you’d like to learn more about how Louisville Geek can assist your organization with Security Awareness Training, please fill out the form below and a Louisville Geek representative will contact you within 1 business day.
