The bulk of annual total reported security breaches involves attacks against individuals and employees :
Source : Verizon 2022 Data Breach Investigations Report
Of total data breaches, phishing-type attacks form the greatest percentage :
Source : CISCO 2021 Cybersecurity Threat Trends Report
People still continue to suffer such attacks DESPITE TECHNICAL DEFENCES (ANTI-SPAM, ANTI-VIRUS, ANTI-PHISHING, ETC) IN PLACE at companies, institutions, schools and other organizations worldwide.
This is proof that reliance on technology alone will NOT protect you !
In fact, most malware continues to be delivered by email directed at people :
Source : Verizon 2021 Data Breach Investigations Report
An attacker only needs ONE PERSON to make a single click, open a single attachment, etc, and KABOOM - now you've got ransomware...or something much worse!
Plus, office document formats are usually the most widely used weapon of choice for attackers to target your people, with the composition of total malicious email attachments as follows:
Source : CISCO 2018 Annual Cybersecurity Report
Therefore, attackers view all forms of email-based attacks as the most low-risk and worthwhile type of end-user attack.
And then there is the Great Resignation - cybersecurity practitioners everywhere are getting burnt-out having to deal with daily attacks and organizational demands; a 2022 survey shows 54% OF THEM WANT TO QUIT DOING CYBERSECURITY.
The constant pace of attacks and requirements is only going to place ever-increasing strain on your IT and cybersecurity teams.
All these statistics are guaranteed to get worse with time, regardless of whether you are a large bank or financial services company, a teacher or school, a student, a government entity, a small business owner, family office or high-net-worth individual, etc...
Wouldn't it be helpful for you, your IT team and your company if EVERY employee could use technical-IT-level skills to spot attack emails REGARDLESS of attack sophistication?
With the ASSISTING INDIVIDUAL DEFENCE : EMAIL (AID:E) upskilling training, they can!
UPSKILL EVERY EMAIL-USER TO BECOME PART OF YOUR TECHNICAL DEFENCE!
It doesn't matter if they are in HR, Finance, Procurement, Sales, Marketing, Legal, Teaching, etc, or if they work for a commercial, educational or non-profit organization - every non-technical person CAN HELP DEFEND YOUR ORGANIZATION by becoming an effective extension of your cybersecurity and IT team defences!
Enlisting your non-technical people in the fight against phishing, ransomware and other cyberthreats, by equipping them with the ability to more easily identify an attack email that makes it past your technical defences, will lighten the burden that your Cybersecurity and IT teams have in dealing with constant attacks against your organization and mitigate their burnout rate.
Even if you have Outlook plugins that allow your employees to report suspected phishing emails, someone in your IT or cybersecurity team has to spend time or effort processing the report or acting on a third-party service-provider report that is sent to them.
Doesn't this reporting add to their already-heavy workload?
A lot of vendor-delivered "security awareness"-level training (i.e. SAT) is focused on cosmetic generic approaches, or is directive in nature (e.g. simply telling you "don't open suspicious emails", "look out for mis-spelt words", etc).
Such approaches fail when faced with a more advanced foe targeting your employees because they don't give employees the proper skills AT A TECHNICAL LEVEL to deal with more sophisticated attackers.
SAT therefore does not impart sufficient technical-level depth to make a substantial difference at the front lines of Cybersecurity.
If it really was effective, why do we still see so much news about successful phishing and ransomware cases?
SAT also often does not factor in the continued inventiveness and creativity of attackers in bypassing automated defences (e.g. using ChatGPT to improve email content appearance) and therefore requires continuous updates and expense instead of a one-time investment per person.
And the 'gamification' and 'fun' approaches used by some training don't always mean people will properly learn the actual technical skills needed to be of REAL help to your IT and Cybersecurity teams.
You just need to answer a simple question :
After going through all the prior end-user training and SAT programmes, do ALL your non-technical end-users now have ACTIONABLE TECHNICAL-LEVEL SKILLS that allow them to identify that an email is malicious REGARDLESS OF ATTACK SOPHISTICATION and WITHOUT NEEDING TO ESCALATE TO YOUR I.T. TEAM?
The deliverable should be : "Did the training make a real technical-level difference in increasing your security posture", and not how 'cheap', 'fun' or 'gaming' it was.
As opposed to SAT programmes, our very-targeted and cost-effective UPSKILLING TRAINING converts actual TECHNICAL-LEVEL cybersecurity skills into easy-to-apply everyday practical steps that ANYONE can apply to validate whether any email that makes it past your technical anti-spam/anti-phish defences and arrives inside their mailbox is legitimate or not, regardless of how sophisticated and authentic the email appears.
The upskilling training session is instructor-led, not video-only, which is more beneficial for non-technical people because it is more interactive and engaging.
Using our proprietary methodology, real-instructor delivery and online web-tool, we will teach your email-users how to easily spot different types of creative approaches that attackers take when sending spear-phishing and other social-engineering-attack emails to targets' mailboxes, REGARDLESS OF THE SOPHISTICATION OF THE ATTACK.
The instructor-led training session allows attendees to put what is taught into practice through a practical real-time exercise segment that uses actual real-world attack email examples instead of "simulated" test email examples.
After going through AID:E, ALL your non-technical end-users can become a technical-level extension of your Cybersecurity / IT-team and the last line of real defence against phishing and ransomware-laden emails that make it past your outer automated defences!
And why focus specifically and exclusively on email?
As per the charts under the WHY DO I NEED ANTI-PHISHING / ANTI-RANSOMWARE TRAINING section, email is the single largest delivery mechanism for targeting an organization through its end-users. So it makes sense to go after the biggest threat first.
An organization with a global customer footprint engaged us to conduct an unannounced spear-phishing security-test against a list of its non-IT employee targets in October 2022 in order to assess the organization's security posture following standard end-user security-awareness training and before undergoing the ASSISTING INDIVIDUAL DEFENCE : EMAIL (AID:E) upskilling training.
The bite-rate (or "click" percentage) for this pre-AID:E baseline test was 66.67 %.
Four days after this initial baseline test, an AID:E anti-phishing & anti-ransomware upskilling training session was conducted for the employee targets.
A second spear-phishing test was commissioned by the same customer to be run four days after the AID:E training.
Result : after the AID:E session, the bite-rate dropped to 0 % ...and, in a total role reversal, there were even non-technical employees who alerted the organization's IT team by sending screenshots of the raw email headers to describe the attack attempt to the IT team, one example of which is shown below :

Collectively, this demonstrates internalization and application of the technical-level skills imparted by our upskilling training.
A 100 % drop in the bite-rate following our training proves that it is entirely feasible for non-technical users in HR, Finance, Procurement, Marketing, etc, to acquire and apply technical-level cybersecurity skills to help defend an organization !
(Note: the spear-phishing tests were separately commissioned by the customer to measure the efficiency of AID:E and are not part of an AID:E session/pricing.)
Usually 2.5 up to a maximum of 3 hours, subject to the degree of attendee interaction during the practical exercise segment.
Ideally, paid sessions are intended to be run on-site with an in-person instructor at your organization's premises for maximum effect. However, so long as attendees can access their organization and/or personal email inboxes during the session using their laptop computers, the session can be run on-site at any physical location subject to minimum session size and venue space constraints.
Contact us today for pricing and availability in your country.
Please kindly email from your organization's email address and provide your company/school/institution/agency name as this training is intended for organizations with non-technical employees, e.g. businesses, government-related entities, educational institutions, medical facilities, etc.
Enquiries received from Gmail and other free email address providers are unlikely to get a reply.