In today’s environment, social engineering attacks are prevalent and increasing.
Social engineering is the act of attacking the human element of security. The human element is often the weakest component in a company’s security. Attackers know this, and exploit it.
1 in 10 people fall for phishing attacks.
How do you know which employee is the 1 in 10?
Security incidents can be expensive. The average cost of a data breach is $7.2 million, or $156 per compromised record. Almost half of all social engineering attacks involve some form of phishing. When dealing with targeted attacks, this number increases to over 90 percent.
In addition, the number of phishing campaigns targeting employees increased by 55% in 2015, according to the Symantec Internet Security Threat Report 2016. Even though these numbers continue to increase, social engineering prevention and testing are often overlooked.
Fewer than 46 percent of companies perform any type of social engineering training or testing.
- Increased Security. Phishing simulations provide quantifiable results. These measurements allow improvements to be identified and tracked.
- Visibility. With comprehensive reporting, key stakeholders can understand the security weaknesses.
- Demonstrated Responsibility. As responsible organizations, all companies should demonstrate to stakeholders and auditors the steps they have taken to address current threats.
- Improved Training Retention. Employees can receive training on what to do and what to avoid, but until an employee experiences a situation, their actions are unknown. After seeing how phishing can happen, employees understand the risk and should be more security conscious.
- Net Reduced Training Cost. By pinpointing employees who are more susceptible, via a Repeat Failures Report, additional training can be provided to these employees without the cost and burden to other employees.