eBook

Security Awareness Champion's Guide

Cheat Codes for Beating Cybercrime with Security Awareness Training

It’s Not Safe to Go Alone, Take This:

The Effectiveness of Security Awareness Training

Security awareness training isn’t an exciting solution to cybersecurity problems. It doesn’t thrill you with innovation or wow you with next-level technology. But do you know what it does do? It works.

This powerful, affordable secret weapon empowers your business to defeat cybercrime - and we’ve got the stats to prove it.

  • Regular security awareness training reduces cybersecurity incidents by 70%
  • 62% of businesses do not do enough cybersecurity awareness or phishing resistance training
  • The number one cause of a data breach or cybersecurity disaster is human error
  • 86% of CISOs in a recent survey listed improving security standards as a top priority
  • 45% of workers receive no security awareness training at all
  • 78% of employees are aware of the risks of suspicious links in emails but will click them anyway
  • 93% of security professionals agree that strong human and machine security protection is the most effective way to prevent disaster
  • Even the “least effective” programs have a seven-fold ROI
  • Most cybersecurity awareness training programs have a 37-fold ROI
  • 49% of workers doubt their ability to identify a social engineering attack

Game Over:

The Price of Failure

No one wants to endure an expensive, messy, and disruptive cybersecurity disaster. Unfortunately, current trends indicate that the chance of a company being targeted by a cyberattack is growing quickly, and the cost of being caught flatfooted has never been higher.

  • 80% of businesses have experienced an increase in cybercrime
  • Cybercrime damage is expected to reach $6 trillion by 2021
  • 30% of companies will experience at least 1 data breach each year
  • Data breaches have increased worldwide by 50%
  • GDPR violations have cost companies more than $126 million in penalties

CYBERCRIME LEADERBOARDS: 2020 vs. 2019

  • Phishing has increased by 667%
  • Cloud-based attacks are up more than 625%
  • Business email compromise fraud is up 200%
  • Ransomware attacks have grown by 148%
  • Credential stuffing attacks have surged 141%

Expert Tips & Tricks

  • Update Training Regularly
    Studies show that workers only retain the knowledge that they’ve gained about things like phishing for about 4 months.
  • Train Everyone, Every Time
    74% of data breaches involve access to a privileged account, such as an executive or administrator account.
  • Stay Alert to Dark Web Danger
    It may sound like a nebulous threat, but more than 60% of the information on the Dark Web can harm businesses.
  • Get Serious About Password Hygiene
    More than 60% of all cybercrime is committed with stolen, cracked, or compromised passwords.
  • Remote Workers Need Extra Training
    43% of remote workers admit to making mistakes that resulted in cybersecurity repercussions for their companies.

Credential Stuffing

  • Type of threat: Brute Force Attack
  • Targets: Email and systems access gateways
  • Danger: Medium
  • Challenge Rating: Difficult

This increasingly common attack type is a dangerous foe. Fueled by the massive amounts of data available in Dark Web markets and data dumps, cybercriminals throw as many passwords as they can at entry points in a blizzard of blows, hoping that one will be a key to the door. Credential Stuffing is a risk that only grows with time, as more stolen information like password lists and user records makes its way to the Dark Web.

DEFEAT IT
A few simple precautions can help companies get the last laugh against Credential Stuffing:
Multifactor Authentication with Passly
Requiring a second code for access to systems and data means that even if cybercriminals do happen to acquire a password that works, they’ll need a second code to get in, neutralizing the threat.
Dark Web Monitoring with Dark Web ID
Keep an eye on credential security by having business credentials monitored 24/7/365 for compromise. If one turns up in a Dark Web market, you’re notified fast to stop password-based attacks before they start.

Business Email Compromise

  • Type of threat: Phishing
  • Targets: Staffers, prefers highly privileged accounts
  • Danger: Medium
  • Challenge Rating: Difficult

Take phishing, blend it with disguises, and add the patience to play a long con, and you’ve created a Business Email Compromise attack. Cybercriminals turn to this format for two purposes: to steal money from a business directly, or to use a company’s trustworthy reputation to steal money from other businesses through impersonation.

DEFEAT IT
Improve Everyone’s Phishing Defense with BullPhish ID
Make sure that everyone on a company’s network is up-to-speed on common phishing threats and how to handle them, especially highly privileged users and executives – with phishing simulation campaigns and online security awareness training.
Control Access from Single Sign-on LaunchPads with Passly
Instead of setting individual permissions per application, give each user on a network their own unique launchpad. Not only does it eliminate pain points for tech staff, it also allows access to be quickly removed from a compromised account.

Password Compromise

  • Type of threat: Hacking & Theft
  • Targets: All employees, with special emphasis on administrators
  • Danger: Medium
  • Challenge Rating: Difficult

Password sharing, recycling, and mishandling is an ancient and terrible cybersecurity foe that just keeps reappearing. Whether it comes from writing down passwords, creating weak passwords, or sharing passwords among staffers, password compromise is always a disaster.

DEFEAT IT
Secure Identity and Access Management with Passly
A password alone isn’t a good enough way to keep systems and data safe no matter how you make it. A multifunctional secure identity and access management solution lets businesses use multiple shields to guard their access points in one cost-effective move.
Watch for Sneak Attacks with Dark Web ID
A staffer could be recycling or reusing an already compromised password – especially if it’s one they use for both work and home applications. Add a guardian that runs up the red flag if a protected password hits the Dark Web.

Ransomware

  • Type of threat: Phishing & Malware
  • Targets: All employees, with special emphasis on administrators
  • Danger: Medium
  • Challenge Rating: Difficult

The monster under the bed for cybersecurity professionals is ransomware. This nasty parasite grabs ahold of a business through phishing to install malware that steals data and locks up systems. Dangerously easy to catch, incredibly difficult to dislodge, and extremely expensive to recover from, ransomware can be so damaging that it puts companies out of business.

DEFEAT IT
Stay on Top of it with BullPhish ID
Ransomware is most often delivered through email. Frequent, easy-to-understand phishing resistance training that includes engaging videos and online testing makes every user more wary about email threats.
Hide the Keys to the Kingdom with Passly
You know what makes a cybercriminal’s job even easier? The administrator passwords to your servers, databases or applications. Secure Shared Password Vaults add an extra layer of security between intruders and highly privileged passwords while still enabling IT staffers to find exactly what they need when they need it in a central repository.

Phishing

  • Type of threat: Social Engineering
  • Targets: Any user through email, text, social media, messaging, calls, fraud, and deception.
  • Danger: Epic
  • Challenge Rating: Extreme

Phishing is the poisoned swamp that spawns many of today’s most dangerous cyberthreats, like its nastiest child, Ransomware. It’s also the number one threat that businesses face today, and it’s very slippery. Phishing can arrive in a plethora of disguises like:

SPEAR PHISHING
A carefully crafted, highly convincing email that fraudulently directs the victim to “update account credentials”, handing them over to cybercriminals.
SMISHING
An innocent looking text from a “coworker” (who is actually a cybercriminal) asking for an administrator password to complete a routine, annoying task.
VISHING
A voicemail that contains a request for access from a “contractor” (who is really a bad actor) who just needs a password for your database to complete a maintenance task.
DEFEAT IT
Extraordinary Phishing Resistance with BullPhish ID
The best way to avoid falling victim to a phishing attack is to refuse to take the bait. Use the perfect combination of the latest threat information presented in bite-sized pieces, simple remote campaign management and deployment, and regularly updated lessons in eight languages to transform employees from the biggest security threat into the biggest security asset for a business.
Multifunctional Defense with Passly
Put more than one layer of defense between the bad guys and the heart of any business with the multipurpose, dynamic protection that’s included as a standard feature of this innovative, award-winning secure identity and access management solution.

Insider Threats

  • Type of threat: Varied
  • Targets: Business systems and data
  • Danger: High
  • Challenge Rating: Very Difficult

The number one cause of cybersecurity disasters is human beings. Insider threats don’t only include malicious actors like employees selling their login credentials or stealing information. They also include negligent, careless, rushed, tired, and ignorant employees making cybersecurity blunders like forgetting to lock a database or falling for a phishing email, making insider threats a two-headed monster for businesses.

DEFEAT IT
Stay on Top of it with BullPhish ID
Ransomware is most often delivered through email. Frequent, easy-to-understand phishing resistance training that includes engaging videos and online testing makes every user more wary about email threats.
Hide the Keys to the Kingdom with Passly
You know what makes a cybercriminal’s job even easier? The administrator passwords to your servers, databases or applications. Secure Shared Password Vaults add an extra layer of security between intruders and highly privileged passwords while still enabling IT staffers to find exactly what they need when they need it in a central repository.

Dark Web activity has increased by more than 300% in the last year

The cybersecurity landscape is fraught with peril, and that won’t be changing anytime soon. Investing in security awareness and phishing resistance training doesn’t just pay off now, it also keeps paying dividends over time to keep businesses (and budgets) safe.

95% of cybersecurity professionals expect a dramatic increase in cybersecurity risk from new cybercrime technology and IoT devices in the next two years. Phishing resistance training makes staffers 84% less likely to fall for phishing. 93% of security professionals agree that strong human and machine security protection is the most effective way to prevent disaster.

Don’t Put Off Strengthening Cyber Resilience with This Secret Weapon.

Unbeatable Winning Strategy

Even in challenging economic conditions, cybersecurity isn’t a game where any business can afford to lose points by making budget cuts that weaken its defenses. Defeat the biggest business cybersecurity threats with this unbeatable winning strategy.

Make this killer combo move to keep systems and data safe today and tomorrow:

  • Dynamic security awareness training that makes employees strong defenders
  • Engaging phishing resistance training that includes up-to-date threats
  • Secure identity and access management that keeps access points safe
  • Real-time Dark Web threat intelligence 24/7/365 to alert you to danger fast

Start Your Organization’s Transformation from Vulnerable to Protected Now, Because Your Threat Meter is Rising.