GlobalCerts is excited to announce our reseller partnership with KnowBe4, Inc.! KnowBe4 is the world’s largest integrated platform for security awareness training combined with simulated phishing attacks. By partnering with KnowBe4, GlobalCerts is able to offer our customers a more comprehensive approach to protecting their organizations from email-borne threats. Even the best email security filters fail to detect 10% of targeted phishing and social engineering attacks. Users are often the last line of defense in preventing successful attacks. Furthermore, over 91% of successful data breaches start with a spear phishing email.
What is Security Awareness Training?
In short, Security Awareness Training (SAT) is a crucial, but often missing piece to the information security puzzle. SAT is all about hardening the ‘human element’ within your organization. It revolves around these key components:
- Testing: An organization needs to know how susceptible each of their users are to social engineering attack. The best way to do this is with regular and unexpected phishing simulations as well as other forms of social engineering attacks like vishing (voice-based) and physical threats like USB drops.
- Educating: Ensure that every team member (even contractors) that access your information resources understand their role in protecting the organization. They need to be able to recognize hallmarks of the most common threats, understand the vulnerabilities they can create, and know how to react when confronted with a security situation.
- Repeating: The threat landscape is constantly changing. Organizations must make sure to continually test and reinforce lessons, taking into account new types of attacks. Attackers are evolving their tactics constantly to take advantage of new vulnerabilities and current events.
The Problem: ‘Old-School’ Awareness Training
Let’s face it; an annual PowerPoint presentation about security awareness just doesn’t cut it anymore. Just look at the near daily reports of major ransomware and data breaches in the news. Most of them are caused by an uneducated user not recognizing a social engineering attack, usually via email. It’s obvious that a more holistic approach is needed for teaching users good cybersecurity hygiene. Training and a ‘security culture’ must become part an integral part of their job role without feeling like a burden.
A Modern Approach
A new-school approach to security awareness focuses on the most critical components often missing from legacy methods:
- Visibility: You need clear insights into how prone your users are to social engineering attacks, both on a collective and individual level. Being able to regularly phish users as well as test their knowledge directly is critical.
- Customization: SAT is not a one-size-fits-all solution you can just install and forget about. It must be custom tailored to your organization with its unique threats and attack vectors. Simulations must be applicable to your industry and technologies used within the organization. Training material needs to engage your users in their learning style. Whether that is through more serious, straightforward training, or using a more playful approach involving games or comedic videos, it doesn’t matter. The point is getting the information to your users in a format they can engage with.
- Automation: An awareness program must change over time and adapt as your users awareness and their threats change. But managing a customized training program for each user by hand is just not feasible. A more modern platform should be able to automatically assign training based on results of simulated attacks, moving users from different risk categories as they improve. Also, modern platforms should gain synergy by allowing your users to actively report attacks, and use this information to protect other users that may have received the same email. Further, you can even use these real-life attacks as teachable moments by creating a simulation based off inoculated versions of the real phishing emails.
You need a platform that will keep your users on their toes with security top of mind. With a new-school integrated platform. you can train and phish your users, see their Phish-prone percentage™ and their Risk Score improve over time and get measurable results.
Security Awareness as a Service
Having the tools and relevant learning materials is vital to a security awareness, but you also need the time and knowledge to set up and monitor a well-functioning program. Larger organizations may have the dedicated IT security pros to manage their employees’ security awareness training, but often SMBs simply do not have the time or resources to effectively manage a SAT program. GlobalCerts can take the burden of setting up and maintaining security awareness off the shoulders of your already stretched IT department. We can provide expert assistance with:
- Setup/Integration: Utilize KnowBe4’s Automated Security Awareness Program (ASAP) to create a custom tailored program unique to your organizations size, location and industry. As part of this process, we can set up automatic user creation/syncing with Active Directory/LDAP as well as SAML authentication for seamless user access to the portal.
- Initial Assessment: After onboarding your users and environment, launch an initial phishing simulation test. This will allow visibility into your user’s current Phish-prone percentage™ and give you visibility into the individual users or groups that are the highest risk. From here, we can fine tune a training program that targets users based on the results of the assessment with the end goal of reducing their susceptibility to social engineering.
- Training Customization: The key to a successful awareness program is making sure that the training resonates with your users, and that the tests are believable, but give off just enough ‘red flags’ to raise suspicion. Over time the training material and tests must be fine-tuned as your users become more security-aware and as threats change.
- Incident Response: Utilizing PhishER, we can manage emails reported by users and develop automation rules to auto-classify them as false positives, spam, or a real phishing email. From there, we can utilize PhishRIP™ to automatically delete the same emails from other user’s inboxes. Then with PhishFlip™, you can take your user-reported phishing email threats identified by PhishER and turn what was an active phishing attack into a safe simulated phishing campaign.
To learn more about how GlobalCerts can help build an effective Security Awareness Training program for your organization utilizing KnowBe4’s platform, contact us or email firstname.lastname@example.org today!