Post on 05-Dec-2014
"Many of the most damaging security penetrations are, and will continue to be, due to Social Engineering, not electronic hacking or cracking . . . Social Engineering is the single greatest security risk in the decade ahead."
91% of data breaches start with a “spear-phishing” email, research from security software firm Trend Micro shows.
Explosive Malware Growth: Endpoint Security does not catch it all
Organized, focused and financially motivated hackers
100,000+ new malware variants released each day
800 million phishing emails are sent each day with those levels continuing to rise.
Zero-day exploits and drive-by downloads creating need for regular Internet Security Awareness Training
Percentage Of Malware Not Being Caught
February 2009 saw the introduction of RAP testing to Virus Bulletin's VB100 comparative reviews, measuring products' reactive and proactive detection abilities against the most recent malware that has emerged around the world. McAfee and Microsoft are highlighted with blue stars. The graph was published in early 2013. And that is just the malware that AV companies know about. There is more Stuxnet- and Flame-type malware out there. Source: http://www.virusbtn.com/vb100/rap-index.xml
Why Organizations Need Internet Security Awareness Training
‘Defense in Depth’ security. Organizations defend their networks on each of these six levels. End User Internet Security Awareness Training resides in the outer layer: Policies, Procedures, and Awareness.
End User Security Awareness is an important piece of the security puzzle because many attack types go after the end user (called social engineering) to succeed.
End User Security Awareness can affect every aspect of an organization’s security profile, as it is where security starts! That is why it is so important that organizations give their end-users Internet Security Awareness Training.
Policies, Procedures & Awareness
Perimeter
Internal Network
Host
Application
Data
KnowBe4 Internet Security Awareness Program
1. Establish initial Phish-prone percentage
2. Train (On-demand Security Awareness Training)
3. Test (Continued Phishing Security Tests)
4. Educate (Ongoing Security Hints and Tips Emails)
5. Reporting and Tracking Results (Your Management Console)
7 Reasons Companies are Outsourcing Online Training
1. Reduce Costs - How you manage training is always about how you manage costs.
2. Access to Talent - Especially hard when it gets to Security Awareness Training which is highly specialized.
3. Geographic Reach & Scalability – Being able to train all employees worldwide via distance learning on the same security processes and procedures, and flex resources.
4. Compliance - Many organizations these days are required to comply with a multitude of regulations, just take the PCI (Payment Card Industry) Security Program for example.
5. Mitigate Risks – Training helps to prevent failures and protects against the liability of being sued for insufficient training, a clear and present danger in the case of cyber heists.
6. Training is not Core to the Business - For many organizations, training is a necessity, but the development, management and delivery of training is a distraction.
7. Leverage the Cost of Technology – One of the first major investments is a Learning Management System. Why incur these costs when the outsourcing company has already paid for it?
KnowBe4 has a unique competitive advantage provided by its automated Phishing Security Tests
Value Proposition: Risk and Opex
RISK
• Reduced malware infections
• Reduced data loss
• Reduced potential cyber-theft
• Users have security top of mind
OPEX
• Reduced help desk calls
• Reduced cleaning and re-imaging of machines
• Reduced down time, increased user productivity
• Real ROI
Web Demo on Request: carolm@knowbe4.com
Questions and Answers