Terranova Security, the global partner of choice in security awareness training with more than 20 years of experience educating the world’s cyber heroes, has announced Cyber Hero Score. This new feature allows organizations to quantify risk by assigning unique ratings to each end user or user profile based on their cyber security behaviors. Cyber Hero Score is a visionary addition to the Terranova Security offering, primed to disrupt the industry by going beyond assessment surveys in determining employee risk levels, using personalized metrics.
Cyber Hero Score can be used for individuals, user profiles, teams, departments, countries, and business units. This intel facilitates how organizations build tailored cyber awareness training campaigns based on actual end user behaviors and progression over time. A Cyber Hero Score will draw from multiple factors, including the:
- Role, function, and regional location within the organization
- Risk and security awareness knowledge levels
- Access permissions to sensitive information
- Proximity to previous data breaches
Security awareness training metrics, such as course participation and completion rate, phishing simulation results, and behavior change performance over time, are also considered. By accurately assessing risk and security awareness levels, organizations can quickly identify high-risk users or profiles, pinpoint specific behavior change areas, and personalize the resulting training campaigns to suit those unique realities. As a result, organizations can significantly reduce the human risk factor.
Cyber Hero Score is an asset for all organizations, regardless of whether their employees work within a remote/hybrid model or in-office. Training administrators must clearly understand team members at higher risk of being targeted by a cyber-attack and if they have adequate knowledge and skills to safeguard against attempts to compromise sensitive data. Organizations will leverage Cyber Hero Score to risk-based campaigns that respond and adapt to behavior changes based on an individual’s unique awareness training journey. This feature underpins a security-first mindset that helps mitigate risk, build cyber threat resilience, and grow security awareness across all departments, regions, and functions.
For more information on how Cyber Hero Score plays an integral part in building cyber threat resilience and growing a cyber-aware security culture through targeted, risk-based training, visit the dedicated webpage on the Terranova Security site.
Fortra’s Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data
Posted in Commentary with tags Terranova Security on February 1, 2023 by itnerdThe new Phishing Benchmark Global Report, based on the 2022 Gone Phishing TournamentTMhosted by Fortra’s Terranova Security, reveals that large organizations of 10,000 employees or more are most susceptible to phishing attacks promising a gift, despite potentially having access to more cyber security resources than smaller businesses.
Co-sponsored by Microsoft, the annual tournament measures and evaluates how employees respond to one of the most common types of cyber threats – phishing attacks. The 2022 Phishing Benchmark Global Report results emphasize the growing need for all organizations to implement engaging and informative security awareness training programs. Ideally, those programs would leverage real-world phishing simulations to ensure employees are aware of the latest phishing tactics, can detect and report cyber threats and, in time, change unsafe online behaviors.
According to the report, many employees are still prone to answering requests for sensitive information – even when they come from unknown or suspicious email senders. This level of trust leaves an organization’s confidential data vulnerable to hackers.
2022 Phishing Benchmark Global Report: Key Results
7 percent of all end users who participated in the 2022 phishing simulation clicked on the link in the phishing email. In addition, 3 percent of all end users failed to recognize the warning signs of the simulation’s webpage and proceeded to enter their credentials on the malicious webpage.
Despite the seemingly low totals, this year’s form completion rate poses a cause for concern. Globally, 44 percent of those who clicked on the phishing simulation link eventually completed the web form on the subsequent webpage and submitted their login credentials.
The simulation found that employees from large organizations are most susceptible to phishing attacks. According to participant data, organizations with 10,000 employees or more rarely missed security awareness training, indicating a potential lack of effectiveness.
Other key data highlights from the fourth edition of this event include:
2022 Phishing Benchmark Global Report: Methodology
The 2022 Gone Phishing Tournament took place in October to coincide with Cybersecurity Awareness Month. With over 250 participating organizations and over 1.2 million phishing emails sent out during this year’s event, it was one of the largest phishing simulations of its kind. The increase in the participation rate shows phishing is a major concern for many organizations considering the ever-evolving complex nature of real-world cyber threats.
Microsoft supplied this year’s email and webpage templates designed to imitate a real-world scenario that many employees experience: a gift card scam. The scenario, selected by the Terranova Security leadership team, measured several end-user behaviors, such as clicking on a link in the body of a phishing email and entering credentials into a form on a phishing webpage.
If users clicked on the link in the phishing simulation’s email, they were redirected to a landing page, which prompted them to enter credentials that, had the simulation been an actual attack, would have been compromised. If users completed this second step, they were brought to a phishing simulation feedback page highlighting the warning signs they missed and the best practices they should follow.
Though the 2022 Gone Phishing Tournament simulation was deemed easier than in previous years, the click rate and web form submission rate should still be considered high as a result.
Download the 2022 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.
Leave a comment »