Security Awareness Training
Most of the high-profile breaches in recent years have leveraged one or more elements of social engineering to manipulate an organization's users into doing any number of dangerous tasks.
Despite your best efforts to push the annually required, standardized security awareness training to your users, you find that they are still clicking on malicious emails, holding doors open for strangers, and otherwise appearing to disregard the knowledge you've tried to impart to them.
These digital annual training courses are wildly ineffective at positively modifying the behavior of your users, but why is this?
Why "Checkbox Compliance" Based Training Doesn't Work
While companies that require their users to undergo annual security awareness training courses are well-intentioned, statistics confirm that the standardized "checkbox compliance" based approach to security awareness training for employees quite simply doesn't work (at least not as well as we all hoped it would) -- and this is for a number of reasons:
- The users don't take the training seriously and click through the material as quickly as possible -- anything to get the security team and HR reps off their backs for being out of compliance with the company's annual training requirements, right?
- The information presented is too theoretical or focuses excessively on very obvious social engineering attempts, like the large inheritance given to them by a long-lost cousin -- who also happens to be a Nigerian prince. How convenient.
- Users come out of the course with a false sense of confidence that they can't be tricked, fooled, or manipulated into falling victim to textbook Social Engineering schemes -- after all, they earned 100% on their final course exam!
Before falling victim to a social engineering attack, the vast majority of people feel overwhelmingly confident that they would never be manipulated or become a victim of such an attack. This is the exact mindset that successful social engineers prey on.
Education Beyond the "Click, Click, Done" Training Approach
Through years of dedicated research derived from companies both large and small, Security Illusion has developed a training course offering designed to leave a lasting and meaningful impact on your employees.
Why is Security Illusion's training so effective?
- It's customized to your organization's requirements and goals.
- We use real-world and practical examples, taken from our personal archive of "war stories" detailing our successful breaches.
- None of the material taught is theoretical.
- It's taught in-person and is highly interactive.
- Employees report having an enjoyable time attending Security Illusion's training course. This ultimately results in achieving the desired level of employee security awareness and increased comprehension of the material shared.
- We break out the individual elements of what makes for a sophisticated social engineering attack.
- Your employees will be able to identify various types of attacks -- even ones not directly covered in the course -- by understanding the general make-up of techniques used by attackers.
- It's tried and true and has evolved over time based on great feedback from the hundreds of companies we've had the pleasure of interacting with.
- We come to your workplace.
- Duration of the course varies based on the goals of your organization, topics you'd like us to cover, and the number of members in attendance.
- Generally, training can take between 2 and 4 hours but can be modified based on our client's time, resources, or other restrictions.
- We bring our arsenal of gear, including spoofed ID badges, forged documents, and various disguises that we use on our assessments to share with users for some hands-on and eyes-on experience.