12 Mar Cyber Security, the threats and education
As we explored in the previous blog in the series, cyber security should be of paramount concern both in day-to-day life and when working. Being adequately cyber secure should be just as important as your home being secure against burglars – you wouldn’t leave your doors and windows wide open when you go out, would you? That’s the equivalent of what some do when it comes to their cyber security.
We have already looked at the foundations of cyber security. Going forward, we will expand on this by explaining some of the different types of cyber-attack that can be stopped in their tracks by having these foundations in place. We will also explore the benefit of educating employees in regard to cyber security, and Grapevine’s new Cyber Security Training Platform which has been designed to ensure this is done to the best possible standard.
The different forms of cyber attack
Let’s now take a closer look at different types of cyber-attack and how having the right procedures in place can help you fight against them.
One of the most common types of cyber-attack experienced by businesses is Phishing: the process by which cybercriminals attempt to gather your private information using fraudulent emails and websites. Phishing emails and websites are a clever concept, as they lure unknowing users into sharing their credentials and personal data without the cyber-criminal ever having direct access to your system.
What do I look out for? How do I stop it? I hear you say.
Phishing attacks are often successful because they mask themselves as a website or, more commonly, an email from a legitimate trusted source. The supposed source might be a bank, a government body or, in some cases, a senior individual within your own organization.
If you receive an email and it feels out of place – wrong time, wrong nature of request, or the look, style and content of the email feel different – DO NOT OPEN IT. Stop and think before you act.
Ransomware is a type of malware that does not allow you access to your systems or data. The hackers only allow access once a fee is paid (a ransom).
Cyber criminals that use Ransomware as their weapon of choice cleverly invoke a feeling of urgency in their emails, often presenting a time limit alongside a link from the fake trusted source: ‘Your account has been accessed from an unauthorised device, click here in the next 5 minutes to verify your identity and avoid cancellation of your account’. The worry of the potential ramifications if you don’t click – and the inclusion of the perceived trusted email address/logos – can be enough for some to make a split-second decision to click. Then the ransomware attack is complete.
Be wary of email attachments and suspicious links. Just like Phishing attackers, Ransomware criminals use email as a way to infect devices. As with Phishing attacks, persuasive and often emotive language will be used to encourage you to click on links to infected sites and open attachments containing harmful ransomware viruses. As we said before, DO NOT OPEN THE ATTACHMENT.
Vishing breaches are almost the same as their similar-sounding counterpart – Phishing breaches. Both use deception as their vehicle to extract sensitive information from the user, but there is one key difference – Vishing is performed using VoIP phone systems as opposed to malicious emails and links like Phishing breaches.
Vishing fraudsters have utilised the increased anonymity that VoIP provides in comparison to traditional telephony. With VoIP there are ways of making it difficult for the police to track down – and therefore punish – the perpetrators.
When it comes to Vishing attacks, it is essential not to give in to pressure, and to be wary if the caller is using overly emotive language to create a sense of urgency or emergency. You should also completely ignore unknown numbers – if the caller is legitimate, they will probably leave a message.
These are just some of the cyber threats that exist with the intention of stopping production and exploiting your business financially. One thing that all of these types of attack have in common is that they can all be avoided by taking time to educate your employees. Where do I start? How do I know I’m using the right sources? What if I teach them something wrong? All understandable concerns.
That is where we at Grapevine come in. Our Cyber Security Training Platform can prepare your employees for whatever the digital universe has to throw at them. Let’s take a closer look at our training platform.
Grapevine’s Cyber Security Training Platform
At Grapevine, we don’t believe that traditional security awareness training is still fit for purpose as, in the modern workplace, your employees are frequently faced with sophisticated Phishing and Ransomware attacks, and most simply don’t know enough about them to combat them effectively.
We believe in progression based on three steps: analyse, train, Phish.
Baseline Testing → Train your users → Phish your users → See the results.
We provide baseline testing to assess the Phish-Prone™ percentage of your users through a free simulated phishing attack. We then use the world’s largest library of security awareness training content, including interactive modules, videos, games, posters, and newsletters. Having trained your users, we then test-Phish them using fully automated simulated phishing attacks with thousands of templates, unlimited usage, and community phishing templates. You can then see the results through enterprise-strength reporting, showing stats and graphs for both training and phishing.
Does it work though?
Yes, it does! Our research uncovered some alarming results – the overall initial industry Phish-prone percentage benchmark turned out to be an astonishing 37.9%! Thankfully for business owners, after adopting new-school security awareness training, that can be slashed by over half to 14.1%. After one year of following these best practices, the final Phish-prone percentage can be almost completely eradicated, to an average of 4.7%!
Grapevine’s new Cyber Security Training Platform – Training features
Our platform offers three Training Access Levels, giving you access to our content library of 1,000+ items based on your subscription level. We also offer unlimited access to all phishing features with flexible licensing. There are no artificial license ceilings, no 10% average allowance, and powerful new features are added regularly.
Engaging, Interactive Browser-based Training
Do you find boring training difficult to concentrate on? Our modern interactive training programme gives your users a fresh new learner experience that makes learning fun and engaging, as opposed to older, outdated methods that make learning a monotonous task. There is a feature that allows users to compete against their colleagues, see where their skills rank on a leaderboard, and earn badges, all acting as an incentive to learn more and keep your organisation safe.
Can I make the whole training experience feel more appropriate to my company? There is a feature that allows you to personalise your training experience at the beginning or end of training modules, and you can also add your ‘branding’ (logos, custom graphics, corporate colours, etc.) to tailor any messages you want to deliver to your users.
Upload Your Own Content
If your existing training is SCORM-compliant, you can upload training / video content and manage it alongside our new Cyber Security Training Platform, allowing you to have all your training in one place, at no extra cost!
Do you know where your users are in both security knowledge and security culture? This would help establish baseline security metrics. Use the skills-based assessment and the security culture survey to measure and monitor your users’ security knowledge and make a transition to a security-aware culture over time.
Custom Phishing Templates and Landing Pages
The training programme allows you to customise scenarios based on personal information and include simulated attachments (fake attachments) to create your own targeted phishing campaigns. Each Phishing Email Template can have its own Custom Landing Page, which allows for point-of-failure education.
Phish Alert Button
Our Phish Alert add-in button gives your team a safe way to forward email threats to the security team for analysis, whilst deleting the email from the user’s inbox to prevent future exposure. And all this with just one simple click!
Social Engineering Indicators
Patented technology turns every simulated phishing email into a tool that IT can use to dynamically train employees by instantly revealing the hidden red flags they missed within that email.
Our Active Directory Integration allows you to easily upload your users’ data and saves you time by eliminating the need to manually manage the changes. You can also use the Smart Groups feature to tailor and automate your Phishing campaigns, training assignments, and remedial learning, based on your employees’ attributes and behaviour.
Do you employ different levels of password or other security? Our platform allows you to define the level of access and administrative ability you would like specific user groups to have, in an unlimited number of combinations. With delegated permissions, you have the ability to limit roles to only display specific data or allow for the phishing, training, and user management of specific groups.
Advanced Reporting Feature
Our platform has 60+ built-in reports providing intimately interconnected views and detailed reporting on your key awareness training indicators over time. You can also leverage Reporting APIs to pull data from your console and, for multiple accounts, Roll-up Reporting makes it easy to view the results all together.
Virtual Risk Officer™
The innovative Virtual Risk Officer (VRO) functionality helps you identify risk at the user, group and organizational levels and enables you to make data-driven decisions when it comes to your security awareness plan.
How do we cope with the influx of all these phishing emails? With your employees being better educated by the day, they will start to report potentially damaging emails to your incident response team at a rapidly increasing rate. This increase in email traffic can potentially present a problem. PhishER is an optional add-on for managing the high volume of messages reported by your users, and it helps you identify and respond to email threats faster.
Keeping your team safe online – Grapevine
Are you concerned your systems are not cyber secure? Is your team properly educated on cyber security? Need some help? Grapevine can guide you to a future in which you no longer need to be concerned about the security of your digital landscape. 91% of successful data breaches started with a spear phishing attack! Get your free phishing security test and find out what percentage of your employees are Phish-prone. Contact us today!