Scott's Human Cyber Security Insights for June 9, 2024

Hello, Phishing Fighters! ?? ??

Welcome to this week's Human Cyber Security Insights. In this issue, we'll be discussing:

?? Why you should get precise with your metrics

?? What we can learn from looking back on 2023's most notable breaches

?? Webinar Recording: Back FROM the future with Conceal

?? Vendor product training vs. foundational training for IT staff

?? Why prolong the time it takes to remediate employee vulnerabilities?

1) Tip of the Week: Get precise with your metrics

CISOs don't know what they are missing when they are not told what metrics are available.

For example, if you don't have a tire pressure indicator on your car's dashboard, you don't realize when your traction and tire wear are deteriorating. So, the only indication may be that your fuel consumption seems high, and you'll have to guess at what's causing it.

When incidents involving employees rise (or click rates rise, or reporting rates fall), you don't really know why.

I've been in discussions with IT Security managers recently where they were trying to assess this exact issue. Why were they seeing certain results and trends? They knew that executives would ask this question, so they needed some "plausible stories".

But really, they are just guessing.

It can be really hard to introduce new metrics, but just stop and think about how you can determine more precisely what employees' proficiency is in certain areas of their defensive skills. What if you could get employees to do exercises and practice spotting specific types of clues to potentially malicious situations, but also their ability to recognize legitimate messages, calls and in-person situations?

Let me know if you'd like to discuss this idea further.

2) Cyber Security in the News: What we can learn from looking back on 2023's most notable breaches

Forrester released an article on the most notable breaches of 2023 - and what we can learn from them. Most of the breaches included third-parties, weak or stolen credentials, or social engineering.

See what other trends you can spot in this report and note down what could be relevant to add to your program.

3) WEBINAR RECORDING: Back FROM the Future

In this special, joint webinar, sponsored by Click Armor? and Conceal where we examined several recent security breaches and, as if we could go back in time. We looked at key factors in those breaches, and what could have been done to prevent them.

You can view the full recording HERE.

Share this one with your favorite CISO, SOC Manager, Security Awareness Manager, IT Security Manager or MSP!

4) Vendor product training vs. foundational training for IT staff

Chris Ellis joined us last week for a discussion on "Training IT teams on cyber security", and highlighted the difference between vendor product training and more foundational training for IT staff.

The recording for the full session with Chris can be viewed HERE.

5) Why prolong the time it takes to remediate employee vulnerabilities?

Do team members who fail your live phishing simulations end up in a never-ending loop of remedial tests, with no help to learn?

This X user said that they failed a test months ago and still receives multiple phishing tests.

Here's the truth: It really is not an efficient training strategy to use "increased frequency" of phishing simulations to remediate employees who are vulnerable. If your remediation training can actually be targeted at the area where the employee is struggling (why did this user click the link?) and is engaging, it shouldn't take them multiple months to get the hang of it.

However the employee below doesn't even mention whether or not they received additional training; just additional testing. So, was this user ever given support to more quickly address their weak area of knowledge that caused the original error?

Or were they just expected to learn without being taught? That's a long and risky process.

About Click Armor?...

When the only tools you have to build a security awareness program are static eLearning content and live phishing simulations, every employee looks like a target...

The Click Armor platform is purpose-built to be the right tool to fill the gaps that exist in cybersecurity training today. It uses interactive, immersive exercises and simulations to build a more resilient workforce through a more positive user experience and metrics.

Start using the right training tools to move your program from low-value, low-assurance, compliance-based training to be more focused on "human risk management". With targeted, role-based guidance using Click Armor's engaging, interactive content, you can also enable more effective remediation of your known employee security vulnerabilities, while building more confidence and proficiency.

Engagement enables better learning

Click Armor? is the interactive security awareness platform that enables fast and easy remediation of cyber security awareness issues. It engages employees, unlike anything you've seen before to learn, retain knowledge and improve resilience to attacks.

Remediation requires engagement. If employees aren't engaged, they won't learn, and will remain vulnerable.

Why is it more effective?

After 15 years of teaching security awareness, including running large scale live "phishing tests" on my customers' employees, I observed how people will use any excuse to "disengage" with awareness training. So, I created Click Armor to keep employees focused on learning, with a more rewarding and relevant experience.

Imagine how your security culture could be improved if YOU (or one of your team's top executives) could be the central character in your interactive security awareness training experience?

Find out how you can get more employees through compliance training faster, strengthen your organization's security culture, and help your employees more effectively avoid phishing and social engineering attacks that target human vulnerabilities.

Make sure you are using the right tools to build a strong, positive and inclusive security culture.

If you'd like to experience the power of interactive security awareness training, try our short, immersive "self-assessment" called "Can I Be Phished?"

For a quick overview of Click Armor, check out this narrated video HERE.