The bulk of annual total reported security breaches involves attacks against individuals and employees :
Source : Verizon 2022 Data Breach Investigations Report
Source : CISCO 2021 Cybersecurity Threat Trends Report
Of total data breaches, phishing-type attacks form the greatest percentage :
Source : Verizon 2021 Data Breach Investigations Report
People still continue suffer such attacks DESPITE TECHNICAL DEFENCES (ANTI-SPAM, ANTI-VIRUS, ANTI-PHISHING, ETC) IN PLACE at companies, institutions, schools and other organizations worldwide.
This is proof that reliance on technology alone will NOT protect you !
In fact, most malware continues to be delivered by email directed at people :
An attacker only needs ONE PERSON to do a single click, single opening of attachment, etc, and KABOOM - now you've got ransomware...or something much worse!
Plus, office document formats are usually the most widely used weapon of choice for attackers to target your people, with the composition of total malicious email attachments as follows:
Source : CISCO 2018 Annual Cybersecurity Report
Therefore, attackers view all forms of email-based attacks as the most low-risk and worthwhile type of end-user attack.
And then there is the Great Resignation - cybersecurity practitioners everywhere are getting burnt-out having to deal with daily attacks and organizational demands; a 2022 survey shows 54% OF THEM WANT TO QUIT DOING CYBERSECURITY.
The constant pace of attacks and requirements is only going to place ever-increasing strain on your IT and cybersecurity teams.
All these statistics are guaranteed to get worse with time, regardless of whether you are a large
bank or financial services company, a
teacher or school, a
government entity, a
small business owner,
family office or high-net-worth individual,
Wouldn't it be helpful for you, your IT team and your company if...
| || ||
|of your people...
| ||...how to spot and avoid...
|...an attack email?
With the ASSISTING INDIVIDUAL DEFENCE - EMAIL (AIDE) upskilling training, they can!
UPSKILL EVERY EMAIL-USER TO BECOME PART OF YOUR TECHNICAL DEFENCE!
It doesn't matter if they are in HR, Finance, Procurement, Sales, Marketing, Legal, Teaching, etc, or if they work for a commercial or an educational or a non-profit organization - every non-technical person CAN BE ABLE TO HELP DEFEND YOUR ORGANIZATION by becoming an effective extension of your cybersecurity and IT team defences !
By enlisting your non-technical people in the fight against phishing, ransomware and other cyberthreats via equipping them with the ability to more easily identify an attack email that makes it past your technical defences, this will lighten the burden that your Cybersecurity and IT teams have in dealing with constant attacks against your organization and mitigate their burnout rate.
Even if you have Outlook plugins that allow your employees to report suspected phishing emails, someone in your IT or cybersecurity team has to spend time or effort processing the report or acting on a third-party service-provider report that is sent to them.
Doesn't this reporting add to their existing already-heavy workload?
Many vendor-delivered end-user-level trainings and security awareness sessions are generic and focused on cosmetic approaches, or are directive in nature (e.g. simply tell you "don't open suspicious emails", etc) or tell you to do something but don't teach you exactly HOW to do it at a technical level.
Those therefore do not impart sufficient technical-level depth to make a substantial difference at the front lines of Cybersecurity.
End-user security awareness training also often does not factor in the continued inventiveness and creativity of attackers in bypassing automated defences.
And "gamification" and "fun" doesn't always mean people will properly learn the actual technical skills needed to be of REAL help to your IT and Cybersecurity teams.
You just need to answer a simple question :
After going through all the prior end-user training and security-awareness programmes, do ALL your non-technical end-users now have ACTIONABLE TECHNICAL-LEVEL SKILLS that allows them to confirm that an email is malicious WITHOUT NEEDING TO ESCALATE TO YOUR I.T. TEAM ?
The deliverable should be "did the training make a real difference in increasing your security posture", and not how "fun" or "gaming" it was.
As opposed to security-awareness programmes, our very-targeted, very-focused and cost-effective UPSKILLING TRAINING converts TECHNICAL-LEVEL cybersecurity skills into easy-to-apply everyday practical steps that ANYONE can apply to validate whether any email that makes it past your technical anti-spam/anti-phish defences and arrives inside their mailbox is legitimate or not.
After going through AIDE, ALL your non-technical end-users can become a technical-level extension of your Cybersecurity / IT-team and the last line of real defence against phishing and ransomware-laden emails that make it past your outer automated defences!
Why focus specifically and exclusively on email?
As per the charts under the WHY DO I NEED ANTI-PHISHING / ANTI-RANSOMWARE TRAINING section, email is the single largest delivery mechanism for targeting an organization through its end-users. So it makes sense to go after the biggest threat first.
Using our proprietary methodology and tool, we will teach your email-users how to easily spot different types of creative approaches that attackers take when sending spear-phishing and other social-engineering-attack emails to targets' mailboxes.
The session includes a practical real-life exercise segment so that attendees can put what is taught into practice.
An organization with a global customer footprint engaged us to conduct an unannounced spear-phishing security-test against a list of its non-IT employee targets in October 2022 in order to assess the organization's security posture after going through past standard end-user security-awareness training.
The bite-rate (or "click" percentage) for this pre-training baseline test was 66.67 %.
Four days after this initial baseline test, an ASSISTING INDIVIDUAL DEFENCE - EMAIL (AIDE) anti-phishing & anti-ransomware upskilling training session was conducted for the employee targets.
A second spear-phishing test was commissioned by the same customer to be run four days after the AIDE training.
Result : after the AIDE session, the bite-rate dropped to 0 % ...and, in a total role reversal, there were even non-technical employees who alerted the organization's IT team by sending screenshots of the raw email headers to describe the attack attempt to the IT team, one example of which is shown below :
Collectively, this demonstrates internalization and application of the technical-level skills imparted by our upskilling training.
A 100 % drop in the bite-rate following our training proves that it is entirely feasible for non-technical users in HR, Finance, Procurement, Marketing, etc, to acquire and apply technical-level cybersecurity skills to help defend an organization!
( Note : the spear-phishing tests were separately commissioned by the customer and is not part of an AIDE session/pricing. )
Up-to-3 hours, subject to the degree of attendee interaction during the practical exercise segment.
Ideally, paid sessions are intended to be run on-site at your organization's premises for maximum effect. However, so long as attendees can access their organization and/or personal email inboxes during the session using their laptop computers, the session can be run at any physical location subject to minimum session size and space constraints.
Contact us today for pricing and availability in your country.
Please kindly email from your organization's email address and provide your company/school/institution/agency name as this training is intended for organizations with non-technical employees, e.g. businesses, government-related entities, educational institutions, medical facilities, etc.
Enquiries received from Gmail and other free email address providers are unlikely to get a reply.