Wombat Security Awareness Training Enables 89% Reduction in Susceptibility

Posted by Gretel Egan on Apr 19, 2017 9:05:00 AM

Last week, we were excited to share the results of our most recent customer case study, which explains how our security awareness training portfolio helped an employee benefits provider realize an 89% reduction in phishing susceptibility after consistent use of assessments and training.

The organization first engaged with Wombat by performing a proof of concept (POC) exercise, which revealed a phishing click rate of just under 20% — higher than the 13% average end-user click rate revealed by the data we gathered for our 2017 State of the Phish Report.

“We recognized the need for security awareness training, and we had complete executive and board-level buy-in before we even started to define the scope of how we would deliver it,” said the organization’s IT systems manager. “When we started to define the project, we did a project charter with an execution plan and a communications plan. We defined a program that included Wombat’s security awareness and training products as core components, but they are not the only pieces of our program. We are really comprehensive in our approach and execution.”

The Results

The benefits provider’s IT team developed and delivered a comprehensive, organization-wide security awareness and training program that leverages the benefits of our Continuous Training Methodology and includes regular phishing simulations and knowledge assessments, quarterly employee training assignments, consistent tracking and biannual reporting, and regular reinforcement of key principles.

After one year, the organization’s click rate had fallen from 20% (established in the POC) to 5%. Just prior to hitting the 15-month mark, the lowest click rate was registered at 2%, which is an 89% reduction in susceptibility. In addition to numerical results, the association has recognized administrative and organizational advantages from the program, including simplified Board reporting and external auditing.

Overall, the association is focused on delivering a program that tests susceptibility to different phishing threat vectors — like malicious links, attachments, and data entry requests — and helps drive measurable improvements over the long term. The important thing, the IT systems manager noted, is for the organization to continue to get a better understanding of where its vulnerabilities lie and work to manage end-user risk.

For an in-depth look at how this and other customers have lowered their susceptibility to phishing attacks, as well as their rates of malware infection and frequency of IT helpdesk calls, visit our website.  
