© 2008 - 2017 Wombat Security Technologies, Inc. All rights reserved.
70 Million Responses Can’t be Wrong
Amy Baker
VP of Marketing
Wombat Security Technologies
Assess, train and gather intelligence about end user cyber security knowledge & behavior
Leading Behavior Change Company
Global customer base including many Fortune 500 companies
Wombat sells cyber security software solutions that change end user behavior
More than 70 million questions asked and answered
Beyond the Phish
NEW! Highlights from our 2017 User Risk Report, which compiled results from a third-party survey of 2,000 working adults.
10% increase in correct answers (7 million)
How Are End Users Doing?
Average Percentage of Questions Answered Incorrectly (Overall)
2016: 22% of questions incorrect
2017: 20% of questions incorrect
Further Focus on Industry Data
Average Percentage of Questions Answered Incorrectly by Industry
[Bar chart: per-industry values between 20% and 24%; industry labels not preserved]
Look Beyond The Phish to Root Cause
Failing to identify phishing threats
Failing to protect confidential information
Unsafe mobile device practices
Disposing of data improperly
Social media oversharing
How Are End Users Doing?
Average Percentage of Questions Answered INCORRECTLY
Protecting confidential information: 26%
Protecting and disposing of data securely: 25%
Identifying phishing threats: 24%
Protecting mobile devices and information: 24%
Using social media safely: 22%
Protecting Confidential Information
2016: 27% of questions incorrect
2017: 26% of questions incorrect
One of the questions users struggled with the most was around the use of shared login credentials.
FACT: To minimize this practice, employees should be made aware of the personal implications of allowing coworkers to access sensitive retail and healthcare systems using their credentials.
Protecting Confidential Information
Knowledge of End-User Cybersecurity Best Practices for PCI DSS and Healthcare Data Protection
Industries Struggling the Most:
Education: 29%
Energy: 35%
Transportation: 28%
Healthcare: 29%
Professional Services: 28%
Insurance: 31%
Defense Industrial Base: 27%
Other: 27%
Protecting and Disposing of Data Securely
2016: 30% of questions incorrect
2017: 25% of questions incorrect
Protecting and Disposing of Data Securely
Topics addressed include destruction of electronic and paper documents, use of USB devices, and classification of sensitive data.
Industries Struggling the Most:
Transportation: 28%
Consumer Goods: 32%
Healthcare: 27%
Technology: 27%
Retail: 30%
Energy: 26%
Entertainment: 26%
Hospitality: 27%
Identifying Phishing Threats
2016: 28% of questions incorrect
2017: 24% of questions incorrect
Identifying Phishing Threats
FACT: This topic was the most popular with our customers. More than half of the assessment and training questions delivered to end users during our reporting period were related to phishing threats, and there was an even bigger emphasis on this topic than last year.
Identifying Phishing Threats
This category focuses on the different indicators and ramifications of phishing attacks.
Healthcare: 18% click rate* on simulated phishing attacks vs. 26% questions incorrect in knowledge assessments
Government: 14% click rate* on simulated phishing attacks vs. 24% questions incorrect in knowledge assessments
* Click rate data is from our 2017 State of the Phish Report.
Check out our State of the Phish™ Report for more data about phishing attacks.
Protecting Mobile Devices and Information
2016: 15% of questions incorrect
2017: 24% of questions incorrect
Protecting Mobile Devices and Information
According to Pew research, as of January 2017:
92% of Americans aged 18-29 have a smartphone
88% of Americans aged 30-49 have a smartphone
Protecting Mobile Devices and Information
Questions pertain to the implications and ramifications of unsafe mobile applications and invasive permissions
Industries Struggling the Most:
Energy: 27%
Hospitality: 34%
Healthcare: 27%
Manufacturing: 26%
Retail: 30%
Insurance: 26%
Using Social Media Safely
2016: 31% of questions incorrect
2017: 22% of questions incorrect
Keep These End-User Risks in Mind
71% regularly use corporate devices outside the office
54% view or post to social media on those devices
43% allow friends or family members to view or post to social media on those devices
Using Social Media Safely
Social Media concepts include recognizing imposters and oversharing on social media networks
Industries Struggling the Most:
Hospitality: 25%
Retail: 31%
Transportation: 29%
Consumer Goods: 26%
Defense Industrial Base: 33%
Telecommunications: 36%
How Are End Users Doing?
Average Percentage of Questions Answered CORRECTLY
Working safely outside the office: 80%
Using the internet safely: 81%
Protecting against physical risks: 82%
Protecting yourself against scams: 86%
Building safe passwords: 88%
What is my password?
Effective Approaches to Improving End User Knowledge
Application of Learning Science Principles
• Present concepts and procedures together
• Bite-sized lessons
• Story-based environment
• Learn by doing
• Use conversational tone
• Create teachable moments
• Provide immediate feedback
• Collect valuable data
Continuous Training Methodology
Analyze and Repeat
Simulated attacks and knowledge assessments
Interactive training modules and games
Attack reporting, videos, posters, and articles
Detailed reports show progress
Knowledge Assessments & Mock Attacks
• Assess knowledge and vulnerability
• Gather baseline results
• Intelligence for planning
• Motivate users
Leveraging Teachable Moments
• Intervention message
• Less than 30 seconds
• Immediate feedback
• Provides context
In-Depth Education
• Bite-sized education
• Learn by doing
• Stories & scenarios
• Provide immediate feedback
• Collect valuable data
Reinforce and Repeat
• Remind employees of security principles
• Encourage them to report attacks
• Reinforce training modules
• Retain knowledge
• Respond appropriately
#StateofthePhish
Achieving Measurable Results
• More than 89% reduction in phishing susceptibility
• 90% reduction in successful phishing attacks
• More than 67% reduction in click rates
• 42% reduction in malware infections
Case Study: Employee Benefits Organization
Problem
• IT team was tasked with developing and delivering an organization-wide security program
• Complete executive- and board-level buy-in from the beginning
Methodology
• Regular phishing simulations and knowledge assessments with Auto-Enrollment to address vulnerable users
• Quarterly organization-wide training
• Use of customized Training Jackets on all modules to emphasize policies
• Consistent measurement and reporting
Results
• Average click rates went from 19.8% to 2.1%
• More than 89% reduction in click rates
“Without Wombat, it would be very hard to do as comprehensive a program as we do. We absolutely feel there’s a big benefit to partnering with an expert to quickly incorporate assessment and education tools.”
70 Million Responses Can’t be Wrong
• End Users need to be more knowledgeable
  – Protecting Confidential Information
  – Protecting and Disposing of Data Securely
  – Identify Phishing Threats
  – Protecting Mobile Devices and Information
  – Using Social Media Safely
• It’s time to focus on the root cause
• How would your end users’ knowledge compare in these areas?
Clear Leader for Four Years
Free Resources for You – wombatsecurity.com
• Wombat Cybersecurity Blog
• Wombat Ransomware Resource Center
• Wombat Webinar Library
• Wombat Case Studies and POCs
• Wombat Research Papers
• Cybersecurity Communications Calendar
• Security Awareness Infographics
Q & A