User awareness
Human Risk Management
Reduce the risk of a costly user-related data breach and demonstrate your efforts in compliance through measurable employee human risk management programmes.
Enhancing the cybersecurity knowledge and skills of your workforce is vital in building a strong defense against cyber threats. Educating employees about potential risks and best practices can significantly reduce the likelihood of successful cyber attacks, such as phishing, and foster a culture of cybersecurity awareness within the organization.
Humans are targets
36% of successful data breaches involve phishing
Humans make mistakes
90% of successful data breaches involve human error
Compliance is essential
Key standards such as ISO 27001 and SOC 2 require regular staff training
Make employees your first line of defence
Security awareness is critical in protecting your organization from threats. We offer comprehensive security awareness training programs designed to assess and strengthen each user’s knowledge gaps.
Regular Bite-sized Training: We provide regular, bite-sized training courses tailored to individual users’ security knowledge gaps and prioritized based on their risk areas.
Phishing Simulation: Periodic simulations identify employees susceptible to phishing attacks, allowing us to educate those at high risk.
Dark Web Monitoring: We safeguard exposed user accounts by monitoring the dark web for stolen credentials, such as passwords.
Policy Management: We ensure users are well-versed in security policies and procedures by tracking eSignature approvals from a pre-loaded library of core documents.
11s
Estimates suggest that in 2021 a cyber attack took place every 11 seconds.
$6T
Cyber attacks were projected to cause $6 trillion in annual losses in 2021, double the 2015 figure.
200
The average cost of a data breach to a business is $3.86 million, and breaches take over 200 days to detect.
A User Awareness Score is a critical metric that quantifies the level of cybersecurity awareness among your organization’s employees. In today’s digital landscape, where human error can lead to significant security breaches, it’s crucial to measure and understand the effectiveness of your cybersecurity training and awareness programs. This score helps identify areas where employees are most vulnerable, allowing for targeted improvements in training and education.
The User Awareness Score is derived from a combined analysis of several factors: how employees respond to simulated attacks (such as phishing tests), their participation and performance in training modules, and their understanding of and adherence to company security policies.
Ethical Phishing
Our ethical phishing services involve simulated phishing campaigns designed to test and improve employee awareness and response to phishing attacks. This hands-on approach helps in identifying areas where additional training is needed.
We design and execute controlled phishing campaigns that mimic real-life attack scenarios. The results are analyzed to provide insights into employee susceptibility to phishing attacks, followed by targeted training to address identified weaknesses.
Adapted training program
We offer comprehensive training programs tailored to different roles within your organization. These programs cover essential cybersecurity principles, safe computing practices, and how to recognize and respond to security threats.
User Training is delivered through interactive modules and workshops. We cover various topics, including password management, email security, and safe internet practices. Our training is updated regularly to address emerging threats and trends.
4 key causes of a user-related data breach
1. Human error:
An employee mistake, such as a simple typo, can seem small, but the repercussions can be huge. For many businesses, a breach caused by human error has resulted in fines, loss of customer trust and loss of access to data.
Common ways that risky employee behaviour can lead to a security incident:
- Sharing, writing down or re-using passwords across multiple accounts
- Carelessly handling data, like entering the wrong email recipient or attaching the wrong file
- Lacking awareness of common threats, such as spear phishing emails
- Failing to understand that security is the responsibility of all employees, not just a problem for the IT department
2. An employee falling for a phishing attack:
The most common way an employee causes a security breach is by falling for a phishing attack. With phishing more targeted and sophisticated than ever before, employees find it increasingly difficult to spot these attacks.
The clever techniques attackers use to reel in your employees:
- Spear Phishing — These highly personalised attacks target a specific individual or group, with the attacker researching the target beforehand; senior staff are a frequent choice.
- Business Email Compromise — Once an attacker controls a legitimate mailbox, they can pose as its owner to colleagues, suppliers or customers, and a request sent from a real account passes any check that looks only at the sender address.
- Domain Spoofing — An attacker can forge the display name and sender address of an email to make it look like it came from inside the company or from a trusted vendor. Enforcing SPF, DKIM and DMARC on your own domains blocks exact-domain forgery of the sender address, but not look-alike domains or a forged display name on a free webmail account, so users still need to recognise those.
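The display-name and look-alike-domain tricks described above can be caught mechanically before a user ever sees the message. The following is an added example, not code from the original page or its vendor: it parses a raw message, compares the From display name against a (constructed) employee directory, measures how close the sender domain is to a set of trusted domains, and checks whether Reply-To diverts replies elsewhere. The directory, domain lists and the three sample messages are all constructed for illustration.

```python
from __future__ import annotations

import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed for the example; a real deployment would pull these from a
# directory service and a vendor register.
INTERNAL_DOMAINS = {"example.com"}
TRUSTED_DOMAINS = {"example.com", "vendor-payments.com"}
DIRECTORY = {"jane doe", "john smith"}


def normalise(text: str) -> str:
    """Apply Unicode compatibility normalisation and case-folding before comparing."""
    return unicodedata.normalize("NFKC", text).casefold().strip()


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; domains are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return normalise(addr.rpartition("@")[2])


def assess(raw_message: str) -> list[str]:
    """Return human-readable findings for one RFC 5322 message (empty list = nothing suspicious)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(addr)
    findings: list[str] = []

    # 1. Display-name impersonation: a known employee's name on an external address.
    if normalise(display) in DIRECTORY and sender_domain not in INTERNAL_DOMAINS:
        findings.append(
            f"display name '{display}' matches an employee but sender domain is {sender_domain}"
        )

    # 2. Look-alike domain: within two edits of a trusted domain, but not that domain.
    for trusted in TRUSTED_DOMAINS:
        if sender_domain != trusted and edit_distance(sender_domain, trusted) <= 2:
            findings.append(f"sender domain {sender_domain} resembles trusted domain {trusted}")

    # 3. Reply-To pointing somewhere other than the claimed sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(
            f"Reply-To domain {domain_of(reply_to)} differs from From domain {sender_domain}"
        )

    # 4. Non-ASCII in the domain part (homoglyph domains arrive as IDN labels).
    if not sender_domain.isascii():
        findings.append(f"sender domain {sender_domain} contains non-ASCII characters")

    return findings


# Constructed sample messages.
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 figures

Attached.
"""

IMPERSONATION = """From: "Jane Doe" <jane.doe.ceo@gmail.com>
Reply-To: jane.doe.ceo@gmail.com
To: finance@example.com
Subject: Urgent wire transfer

Need this paid today.
"""

LOOKALIKE = """From: Accounts <billing@vendor-payrnents.com>
Reply-To: collections@outlook.com
To: ap@example.com
Subject: Updated bank details

Please update our account number.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("impersonation", IMPERSONATION), ("lookalike", LOOKALIKE)):
        print(label, assess(raw) or "clean")
```

The look-alike check deliberately uses a small edit-distance threshold; raising it produces false positives on short domains, so production filters usually combine it with a registration-age lookup on the suspect domain. None of these checks replaces DMARC enforcement on your own domain; they cover the cases DMARC cannot.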
3. Compromised credentials:
Employee password behaviour plays a huge part in security incidents, with 61% of breaches involving stolen credentials, costing businesses $4.37M (USD) on average. When the same password is re-used across multiple accounts, a single third-party breach can open a path into your business.
The road to compromised credentials:
- An employee signs up for multiple third-party services using the same business email address and password.
- A third-party service suffers a data breach, exposing the user's credentials.
- The credentials are sold on the dark web, where attackers can buy them and try them against other accounts.
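The practical defence against the chain above is to test passwords against known breach data without ever sending the password itself. The following is an added example, not code from the original page or its vendor: it shows the k-anonymity scheme used by range-style breached-password APIs (hash the password with SHA-1, send only the first five hex characters, match the remaining suffix locally) and groups accounts that share a password so re-use is visible. The breach corpus, the `fetch_range` stand-in and the sample account list are constructed for illustration; a real check would call a breach-data provider for the range.

```python
from __future__ import annotations

import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the key format used by range-style breach APIs."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus: password -> times seen in breaches.
BREACH_CORPUS = {
    "password": 3730471,
    "Summer2021!": 1423,
    "letmein": 99,
    "qwerty": 50000,
}


def build_range_index(corpus: dict[str, int]) -> dict[str, str]:
    """Index the corpus the way a range API serves it: 5-char prefix -> 'SUFFIX:COUNT' lines."""
    index: dict[str, list[str]] = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    return {prefix: "\n".join(lines) for prefix, lines in index.items()}


RANGE_INDEX = build_range_index(BREACH_CORPUS)


def fetch_range(prefix: str) -> str:
    """Stand-in for a network call such as GET /range/{prefix}: only the prefix leaves the client."""
    assert len(prefix) == 5, "range lookups take exactly five hex characters"
    return RANGE_INDEX.get(prefix.upper(), "")


def breach_count(password: str) -> int:
    """How many times the password appears in breach data (0 if never). The full hash stays local."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        found_suffix, _, count = line.partition(":")
        if found_suffix == suffix:
            return int(count)
    return 0


def audit_accounts(accounts: dict[str, str]) -> dict[str, object]:
    """Report breached passwords and password re-use across a user's accounts.

    `accounts` maps service name -> password (as a password-manager export would).
    Re-use groups are keyed by hash so the report never contains plaintext.
    """
    breached = {svc: breach_count(pw) for svc, pw in accounts.items() if breach_count(pw)}
    by_hash: dict[str, list[str]] = defaultdict(list)
    for svc, pw in accounts.items():
        by_hash[sha1_hex(pw)].append(svc)
    reused = {h: sorted(svcs) for h, svcs in by_hash.items() if len(svcs) > 1}
    return {"breached": breached, "reused": reused}


# Constructed sample: one employee, four services, one password shared across three.
SAMPLE_ACCOUNTS = {
    "crm": "Summer2021!",
    "webinar-tool": "Summer2021!",
    "expense-app": "Summer2021!",
    "vpn": "correct horse battery staple",
}

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_ACCOUNTS))
```

The point of the prefix scheme is that the provider learns only a 5-character bucket shared by hundreds of hashes, never which password was checked. Run this against a password-manager export and the `reused` groups show exactly where one third-party breach would land.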
4. A lack of security policies and processes:
Information security policies guide employee behaviour when handling company information and keeping IT systems secure. Without them, employees are less likely to know whom to report phishing attacks to, or who is allowed access to which sensitive data.
- They protect your organisation’s critical information by clearly outlining employee security responsibilities.
- They prevent unauthorised disclosure, disruption, loss, access, use or modification of an organisation's information assets.