KnowBe4 has developed a new social engineering indicators training method to help IT security professionals manage the risk of social engineering attacks on employees more effectively.
Social engineering techniques are used by cybercriminals to increase the likelihood of end users clicking on malicious links, opening infected email attachments and divulging sensitive information. While phishing emails were once fairly easy to identify, today’s threats are clever, sophisticated and much harder to distinguish from genuine emails.
Phishing email volume has surged recently, and security awareness is also lacking at many organizations. KnowBe4 reports that ‘end user security is in serious decline.’ KnowBe4 is tackling the problem through training and phishing simulations.
The new social engineering indicators training method helps IT professionals by turning each simulated phishing email into a training opportunity to hone employees’ phishing and social engineering identification skills.
KnowBe4 says 93% of all phishing emails are used to deliver ransomware: malicious code that locks end users’ files with powerful encryption. The attackers then demand payment of a ransom to supply the keys to decrypt locked files. Organizations that fail to train end users on social engineering red flags are at risk of having ransomware installed.
The new patent-pending social engineering indicators training method has been applied to the company’s phishing simulation exercises. When an end user falls for a phishing email, that person is directed to a webpage where they are informed of the error. The webpage includes details of the phishing email with all of the red flags highlighted. Users receive instant feedback on the phishing indicators they failed to spot, turning the failure into a training opportunity.
Security awareness training used to be an annual checkbox item for companies; however, that approach is not effective, as KnowBe4 CEO Stu Sjouwerman explained: “Once-a-year breakroom training with coffee and donuts doesn’t keep the bad guys out.” Sjouwerman went on to say, “By creating a human firewall that can identify threats and avoid them, we can manage the problem much more effectively. SEI is a new-school approach toward security awareness training that helps end users learn how to make better security decisions.”