The IT Nerd

Terranova Security, the global partner of choice in security awareness training with more than 20 years of experience educating the world’s cyber heroes, has announced Cyber Hero Score. This new feature allows organizations to quantify risk by assigning unique ratings to each end user or user profile based on their cyber security behaviors. Cyber Hero Score is a visionary addition to the Terranova Security offering, primed to disrupt the industry by going beyond assessment surveys in determining employee risk levels, using personalized metrics.

Cyber Hero Score can be used for individuals, user profiles, teams, departments, countries, and business units. This intel facilitates how organizations build tailored cyber awareness training campaigns based on actual end user behaviors and progression over time. A Cyber Hero Score will draw from multiple factors, including the:

• Role, function, and regional location within the organization 
• Risk and security awareness knowledge levels 
• Access permissions to sensitive information 
• Proximity to previous data breaches

Security awareness training metrics, such as course participation and completion rate, phishing simulation results, and behavior change performance over time, are also considered. By accurately assessing risk and security awareness levels, organizations can quickly identify high-risk users or profiles, pinpoint specific behavior change areas, and personalize the resulting training campaigns to suit those unique realities. As a result, organizations can significantly reduce the human risk factor.

Cyber Hero Score is an asset for all organizations, regardless of whether their employees work within a remote/hybrid model or in-office. Training administrators must clearly understand team members at higher risk of being targeted by a cyber-attack and if they have adequate knowledge and skills to safeguard against attempts to compromise sensitive data. Organizations will leverage Cyber Hero Score to risk-based campaigns that respond and adapt to behavior changes based on an individual’s unique awareness training journey. This feature underpins a security-first mindset that helps mitigate risk, build cyber threat resilience, and grow security awareness across all departments, regions, and functions.

For more information on how Cyber Hero Score plays an integral part in building cyber threat resilience and growing a cyber-aware security culture through targeted, risk-based training, visit the dedicated webpage on the Terranova Security site.

The new edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from the 2021 Gone Phishing Tournament^TM, reveals that overall end user click rates remained high in the face of this year’s phishing simulation. It also details the rise in the number of users who would’ve compromised their devices with malware had the phishing simulation not been a safe testing environment. 

The 2021 Phishing Benchmark Global Report results emphasize the growing need for all organizations to address the human element of cyber security by implementing engaging, informative security awareness training programs that leverage real-world phishing simulations to change the right end user behaviors. 

These revelations come at the end of a year where digital transformation accelerated at many workplaces worldwide. The widespread adoption of remote or hybrid work cultures and related technologies enhanced collaboration and productivity, but it also meant cyber security awareness levels were tested much more frequently and with increasingly complex cyber threats. 

The 2021 Gone Phishing Tournament took place over two weeks in October 2021 to coincide with Cybersecurity Awareness Month. In all, close to 1 million phishing simulation emails in 20 different languages were sent to end users during this stretch. 

2021 Phishing Benchmark Global Report: Key Results 

The 2021 Gone Phishing Tournament revealed that, in general, a significant portion of end users are still inclined to click on phishing email links and, in the case of this year’s simulation template, download malicious file attachments when prompted.  

Nearly one in every five end users (19.8%) who received the phishing simulation email clicked on the initial message’s phishing link, which is on par with the 2020 edition of the event. In total, 14.4% of all end users failed to recognize the simulation’s resulting webpage as unsafe and clicked on the malicious file’s download link. 

These realities mean that the number of initial clickers who ended up downloading the phishing simulation’s webpage file exceeded 70%, representing an increase of nearly three percentage points from the previous year. 

Other key data highlights from the third edition of this event include: 

• When it came to downloading the malware document, North America fared best as a region (11.8%), while Europe took the runner-up slot (14.9). The Asia Pacific region finished with the highest malware download rate. 
• For click rates by industry, Education, Finance and Insurance, and Information Technology exhibited the highest totals, all scoring over 25%. Meanwhile, Healthcare, Transport, and Retail all kept their click rates under 10%. 
• Information Technology had the highest click-to-download ratio across all industries, with 84% of those who clicked on the initial phishing link eventually downloading the malware file. 

2021 Phishing Benchmark Global Report: Methodology 

This year’s email and webpage templates were supplied by Microsoft and reflected a real-world scenario all end users may encounter in their daily lives. The template’s scenario, selected by the Terranova Security leadership team, measured several end user phishing behaviors, including clicking on a link in the body of a phishing email and delivering malware in a downloadable file through a phishing webpage. 

The email and webpage spoofed the Microsoft SharePoint interface for an authentic look and feel. The email message even included instructions on how to download the file, which further enticed the end user to complete the action once they landed on the webpage. These decisions were made to give recipients a realistic sample of the increasingly complex nature of current phishing threats affecting professionals across many different industries. 

End users who clicked on the webpage link to download the malware file were met with a feedback page that offered a powerful learning moment. It pointed out warning signs the user may have missed during the simulation and highlighted best practices to keep in mind moving forward, giving them the tools needed to detect and avoid future threats consistently. 

Download the 2021 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament. 

oday, Terranova Security, the global partner of choice in security awareness, introduced its Click and Launch solution, dedicated awareness and phishing training bundles that only take minutes to launch, saving companies time, labour and money. Organizations can now deploy world-class cybersecurity awareness training faster than ever and keep sensitive information safe from cyber threats. 

The easy-to-use, out-of-the-box offering enables organizations to deploy security awareness training in just a few clicks. The training features high-quality content that is both engaging and cost-effective. With these powerful, budget-friendly bundle options, security professionals can use pre-configured training campaigns and phishing simulations to save valuable time and resources.​ 

The Click and Launch bundles, named Champion and All-Star, supply many benefits that help change employee behavior and build a security culture, including: 

• Easy-to-use content – Each Click and Launch bundle requires only a few minutes to get started. This level of efficiency saves organizations lots of time normally spent on creating, deploying, and supporting training campaigns. 
• Powerful, engaging training campaigns – The Terranova Security pre-built training campaigns feature real-world phishing simulations along with diverse reinforcement tools. This way, any organization’s workforce is prepared for various cyber attack scenarios and understands how to safeguard sensitive data from threats. 
• High-quality training experiences – Click and Launch builds off the tremendous value of other Terranova Security products by using over 20 years of industry expertise. This results in a powerful learning experience for businesses to support their goals and needs. 

This offering is built to be budget-friendly for organizations and is available as multilingual content. For an even more straightforward, hands-off approach, organizations also have the option to add Managed Services to their Click and Launch bundle of choice. 

Being an official Terranova Security partner is simple and profitable. Terranova Security partners get access to dependable, powerful security awareness solutions, comprehensive partner training and certification, special offers that drive new opportunities, and tools and resources designed for business growth. 

For more information, visit the Click and Launch page on the Terranova Security website. 

Terranova Security, the global partner of choice in security awareness training, announced a partnership with Security Innovation, an authority in software security training for IT professionals. The partnership addresses a key business need for many organizations today: creating a unified culture of cyber security through role-based security awareness training.  

Those managing cyber security-related training at organizations face a unique challenge in creating a strong cyber security culture. Different individuals and departments require security awareness training specific to their roles and responsibilities. This reality can lead to organizations often using multiple cyber security training programs to train employees, which can increase the costs and resources related to these initiatives and blind spots when it comes to various cyber threats.

Knowledge workers typically require more generalized training around topics like email safety, identifying phishing attempts, and strong password best practices. Conversely, IT staff may need more specialized training around how technology assets can be targeted and what can be done to nullify threats. However, technical teams like developers can require training in both areas to ensure that they’re not only securing software and data but that they’re not falling victim to an email phishing attempt. 

By asking users to toggle between multiple training programs to receive the necessary training, organizations may confuse and demotivate employees, leading to a weaker overall cyber security culture.  

With Terranova Security recognized for providing best-in-class security awareness training for non-IT staff and Security Innovation known for providing outstanding security awareness training for IT staff, each organization’s offering will now be bolstered by more comprehensive content. The result is a seamless experience for the customer, both from a platform and a learning perspective. 

The partnership will provide customers and their employees with access to a wide array of security awareness training. Courses will include:

• Methodologies backed by science – Modeled on the ADDIE approach (Analysis, Design, Development, Implementation, Evaluation), courses will be engaging, informative, and presented to the end user in a digestible manner. 
• Hands-on simulations – Used to determine if knowledge is being absorbed and applied correctly in daily activities, simulations are a powerful tool to reduce risks associated with common cyber threats and related user behaviors. 
• The removal of complexity – Stripping away unnecessary elements, customer success programs help with the roll-out, learning path creation, measurement, communications, and goal setting, so end users get the awareness training they need in a fast and straightforward way.

For organizations looking to take advantage of the new partnership, Terranova Security and Security Innovation offer one free year of security awareness training for every three years purchased. More information Visit www.terranovasecurity.com

Terranova Security, global partner of choice in security awareness training, has announced the release of its Global Dashboard functionality within the Terranova Security Awareness Platform. The release empowers organizations, as well as cyber security and risk management leaders, to leverage customizable, real-time analytics visualizations for improved data-driven decision-making. 

Featuring a flexible, widget-based interface, the Terranova Security Global Dashboard can easily be personalized to display an organization’s key security awareness training information. Using customizable filters, administrators can refine reporting data to focus on a specific department, geographical region, or any other pertinent user grouping.  

The Terranova Security Global Dashboard feature also centralizes the reporting process. It enables organizations to capture insights that gauge user behavior change – such as how many users in a particular department or region successfully completed training on a key topic – all in one, easy-to-use space within the Security Awareness Platform. Using that intel, leaders can optimize their security awareness training program performance. 

Terranova Security Global Dashboard Functionality: Key Highlights  

Ensuring that the right user behaviors are being targeted and their data is consistently protected is more crucial to organizations than ever before. The Terranova Security Global Dashboard capabilities make it easy to extract essential data-driven insights and empower organizations with informed, proactive security awareness decision-making. 

Key benefits of the Global Dashboard feature include: 

• Centralized analytics to enable organizations to gauge user behavior change success quickly and efficiently with the ability to view specific training information in one location with the Security Awareness Platform. 
• Customizable dashboard data that combines a modular, widget-based environment with built-in filters to instantly tailor every aspect of the analytics experience to an organization’s needs and goals. 
• In-depth reporting possibilities that go beyond a one-size-fits-all approach to training metrics by empowering administrators and leaders to pinpoint specific improvement areas and adjust security awareness campaigns accordingly. 

In an era of accelerated digital transformation, clear, granular analytics and reporting are integral to the success of a security awareness training program. Recent data demonstrates that data-driven organizations are three times as likely to report significant decision-making improvements.  

The Terranova Security Global Dashboard is a new module within the Security Awareness Platform. Dashboard widgets that provide granular visualization of training course data are currently available for all Security Awareness Platform administrators. Additional widgets will be added on an ongoing basis.   

For more information on the Terranova Security Global Dashboard release, visit the Terranova Security website. You can also download the new whitepaper exploring the value customizable cyber security reporting adds to an organization’s technological infrastructure, titled “The Power of Personalized Reporting in Security Awareness Training.” 

The latest edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from 2020 Gone Phishing Tournament^TM reveals a substantial year-over-year increase in participating end user click rates. It also details a significant rise in the percentage of users who would’ve potentially compromised their login data had the phishing simulation not been a safe security awareness testing environment.

The results in the latest version of the Phishing Benchmark Global Report underscore the need for all organizations, regardless of size, industry, or geographic location, to implement both an ongoing security awareness training program and consistent, up-to-date phishing simulations to strengthen their data protection infrastructure.

The results outlined in the Phishing Benchmark Global Report come at the tail end of what has been a tumultuous year for businesses worldwide. The global COVID-19 pandemic resulted in many organizations changing how they work and featured a spike in remote or remote-hybrid workforce adoption. However, distributed virtual offices have lessened the effect of technical data protection measures and consequently put employees’ ability to successfully detect and avoid phishing threats under a microscope.

This year’s Gone Phishing Tournament, which took place over 11 days in October 2020 to coincide with National Cyber Security Awareness Month, welcomed 57% more participating organizations than in 2019 and boasted a 90% increase in participating end users. The 2020 event also benefited from an extended global reach, with users completing the simulation in 98 different countries.

2020 Phishing Benchmark Global Report: Key Results

The results from the 2020 Gone Phishing Tournament underscored the potential consequences of a lack of phishing awareness. The data shows that nearly 20% of employees are still quick to click on phishing email links, a significant increase from the 11% posted during the 2019 Gone Phishing Tournament.

Other key data highlights include:

• 67% of clickers (13.4% of overall users) submitting their login credentials, also up substantially from 2019, when just 2% submitted their credentials
• The Public Sector and Transport domains struggled the most, posting a click rate of 28.4% and submission rate of 24.7%.
• The Education and Finance & Insurance sectors performed considerably better than others, with rates of 11.3% and 14.2%, respectively.
• Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate. This means a little over 7 out of every 10 clickers compromised their login data.
• Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.

2020 Phishing Benchmark Global Report: Methodology

The phishing simulation email and web page templates used during the 2020 Gone Phishing Tournament were supplied by co-sponsor Microsoft. They reflected a real-world scenario that any user, especially those working remotely, may encounter in their daily lives.

Selected by the Terranova Security leadership team, the template measured several end user phishing behaviors, including clicking on a suspicious email link and submitting data using a webpage form. The template’s difficulty level was also increased compared to the 2019 simulation and was rated medium-high for complexity by the Terranova Security team.

Supported in 12 different languages, all participating users received the same phishing simulation over the same 11-day period, ensuring the data depicted in the Phishing Benchmark Global Report portrayed an accurate, apples-to-apples analysis of organizational performance. 

Download the 2020 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.

Today, Terranova Security, a global security awareness partner of choice, announced various enhancements available to MSSPs, OEMs, distributors, resellers, and technology partners worldwide, as well as existing members of their partner program.

These enrichments include expanded partner program tier options, a host of special offers to bolster revenue generation opportunities, and an enhanced, easy to use partner portal interface

The Terranova Security Partner Program offers its community of security awareness leaders a simple but powerful ecosystem that supports long-term business and portfolio growth.

Participants enjoy access to:

• Comprehensive online training and certification that establishes them as a trusted information security awareness advisor.
• Special incentives and offers that drive new sales opportunities and facilitate new account acquisition and portfolio expansion.
• Sales and marketing resources that promote continuous business growth.
• Reliable, engaging security awareness solutions that leverage Terranova Security’s proven training material and phishing simulations.
• A transparent, mutually beneficial program structure where all sales engagement is conducted with the utmost attentiveness.

The Terranova Security Partner Program will also be home to the new Terranova Security Partner Portal interface. The streamlined online experience will make it much easier for MSSPs, OEMs, resellers, and other partners to register deals, complete certifications, and access exclusive partner-only content.

The Terranova Security Partner Program offers significant advantages for the network of Microsoft Partners

The enhancements made to the Terranova Security Partner Program include several additional benefits specifically for all Microsoft distributors, resellers, and other partners. This is due to the ongoing Terranova Security and Microsoft partnership, which was made official early in 2020.

Microsoft Partners can leverage attack simulation as a value-added product in various Microsoft bundles, helping to upgrade E3 license holders to the E5 and ATP2 tiers. Terranova Security can also help Microsoft Partners increase their earning power and drive additional sales with special offers for E3 clients who aren’t ready to make the jump to E5.

The industry-leading security awareness training solution from Terranova Security

The effectiveness of the Terranova Security training solutions and phishing simulations have solidified the organization’s standing as a security awareness training global partner of choice. This extends to the 2020 Market Guide for Security Awareness Computer-Based Training (SACBT), where Gartner, Inc. recognized Terranova Security as a Security Awareness Program Platforms Representative Vendor.

Terranova Security accomplishes this by utilizing:

• High-quality content that is continually evolving to address current phishing threats and effectively target user behavior.
• A variety of training formats, including micro- and nanolearning modules, to deepen and reinforce user knowledge.
• Compliance with WCAG 2.1 accessibility measures to make security awareness training available to all users.
• Customizable phishing simulations to safely test user acumen with real-world threat scenarios.
• Downloadable, instantly shareable communication tools to help boost participation and underscore key training campaign concepts.

The importance of a robust security awareness training program has come into sharp focus since the onset of the COVID-19 pandemic. Accelerated digital transformation and a global shift toward remote work have elevated the risk of data exposure for many organizations.

Verizon reports that users are three times more likely to click on pandemic-related phishing links. At the same time, a recent Malwarebytes study revealed that more than 55% of executives cite training employees to work securely and compliantly outside the office as their biggest cyber security challenge.

Terranova Security is hosting a Security Awareness Virtual Summit for all prospective and existing partners on November 12^th. Sponsored by Microsoft, the event will provide additional insight into the Partner Program and feature an in-depth solution demo.

To save a spot and view a complete agenda for the event, visit the Terranova Security website.

Terranova Security has announced the 2020 edition of the Gone Phishing Tournament event, scheduled to take place in October to coincide with National Cyber Security Awareness Month. The inaugural 2019 event, along with the resulting Gone Phishing Tournament Benchmark Global Report, highlighted the need for organizations to implement a security awareness training program supported by consistent phishing simulations.

The Gone Phishing Tournament, co-sponsored by Microsoft, uses an email template from Attack simulation training, a new capability of Office 365 Advanced Threat Protection (ATP)releasing later this year. Attack simulation training is an intelligent social engineering risk management tool that uses context-aware simulations and hyper-targeted training to train employees, and measures behavior change all on an automated platform, simplifying the design and deployment of security awareness training.

Adding Microsoft as a sponsor for the 2020 Gone Phishing Tournament marks a new chapter in the ongoing partnership between the two organizations, one that centers around the comprehensive Terranova Security content catalog and the company’s commitment to a human-centric approach to security awareness. It’s also another example of how Terranova Security phishing content will bring the best in security awareness training to Microsoft customers. 

The 2020 Gone Phishing Tournament comes at a time where an accelerated transition to a remote workforce due to the COVID-19 has put an even greater emphasis on the importance of security awareness training for all employees.

The first edition of the Terranova Security Gone Phishing Tournament took place over five days in October 2019. The goal of the tournament was to allow organizations to discover how their click rate compared to those of organizations with similar characteristics including vertical or industry, size, and geographical location. 

Key Takeaways from the 2019 Gone Phishing Tournament

The Terranova Security 2019 Phishing Global Benchmark Report provided in-depth insight on the event’s results, including click rate statistics by vertical, organization size, geographical location, and level of security awareness and phishing simulation programs in place.

The resulting click rate benchmarking yielded tangible insights concerning employee cyber security and phishing awareness. Once organizations understand how susceptible their users are to phishing threats, they can take actionable steps that lower their click rate and secure their sensitive data. 

The 2019 Phishing Global Benchmark Report reinforces how important it is for organizations to use a combination of security awareness training and phishing simulations to decrease the click rate and reduce the likelihood of these attacks being successful. 

Even in organizations with comprehensive security awareness programs in place, employees are still clicking phishing emails. 11% of recipients clicked the phishing link and 2% of recipients submitted their credentials on the phishing website.

Other key findings from the 2019 report include:

• In organizations with no security awareness programs in place, 13% of users clicked the phishing link.
• In organizations with only a security awareness program in place (but no phishing simulations), 29% of users submitted their credentials after clicking a phishing link.
• In organizations with both security awareness and phishing simulations, the credential submission rate is 47% lower.

Register now and reserve your free phishing simulation as part of the 2020 Gone Phishing Tournament.

Terranova Security, a global leader in security awareness training, announced mobile responsive security awareness training content enhancements for its platform.

This release allows organizations to train their users on any device, allowing them to access security awareness training modules from their smartphone, tablet, laptop, or desktop. A user’s training progress is always saved to their unique platform profile, ensuring that no learning momentum is lost. These enhancements underscore the Terranova Security dedication to delivering a fun, engaging, powerfully effective omnichannel learning experience.

Major mobile responsive features in this release include:

• Enhanced flexibility and convenience: Terranova Security is recognized for its high-quality content, strong customer support, its customizable learning material and for ensuring that its content is available to all users. The company has continued to deliver in this area, with security awareness training content that can be enjoyed on any device via an improved mobile-responsive design. This release reinforces the Terranova Security commitment to bring security awareness training to all users on their preferred device for a more flexible, comfortable learning experience.

• Seamless training access on all devices: Terranova Security is committed to making security awareness training programs engaging and easy to use. This mobile responsive release from Terranova Security enables users to save their progress to their unique platform profile that’s accessible in their favorite browser, regardless of the device being used. This makes switching between a desktop and a smartphone or tablet effortless, uncomplicated, and free of any training data loss.

• Enhanced mobile responsiveness, same high-quality awareness courses users love: The Terranova Security mobile responsiveness measures included enhancements made to the company’s information security awareness course library. This high-quality training content has become the Terranova Security hallmark and is now available across all devices, giving users the freedom to complete security awareness training modules at a time and on a device that works for their schedule and lifestyle.

The recent explosion mobile device usage has magnified the importance of mobile learning as a vital part of any security awareness training program. Studies show that 70% of learners feel more motivated when training on a mobile device, while smartphone learners tend to complete course material 45% faster than those using a desktop computer.

These trends won’t be fading anytime soon. As of 2019, there are more cellphones on Earth than human beings. By 2025, 72% of internet users will access the web using only their smartphones, making their inclusion in security awareness training more crucial than ever.

The English mobile-responsive version of the Terranova Security security awareness trainingcourse material is available now to new and existing customers. The Terranova Security mobile responsive content will be available in additional languages by the end of 2020.

Read more in their mobile learning blog post.

Terranova Security, a global leader in security awareness training, announced a new set of enhanced accessibility features across its entire library of security awareness training content.

To coincide with Global Accessibility Awareness Day (GAAD), this release boasts an enriched learning experience that’s inclusive for all users, with plans to make content available in 40+ languages. These measures deliver on the Terranova Security commitment to ensure that everyone can have access to the knowledge they need to keep themselves, their organizations, and all sensitive information safe.

Major accessibility features in this release include:

• Ongoing language support: Terranova Security is recognized for its very high-quality content, strong support for customers, the ability to customize content and for supporting the most languages of all vendors (both text and narration). The company has continued to deliver in this area, with a training library that includes modules, microlearning and nanolearning content, all of which will be available in over 40 different languages. This ongoing initiative represents the Terranova Security commitment to bring security awareness training to users in their preferred language.

• WCAG 2.1 compliance: Terranova Security is level A and AA compliant with WCAG 2.1 standards for accessibility. The Terranova Security accessibility measures implemented all conform to the guidelines and success criteria in making training content universally perceivable, operable, understandable, and robust. Terranova Security achieved this high level of content accessibility by providing text alternatives for non-text content, synchronized multimedia alternatives, and interface usability improvements.
  
• The same high-quality content users love: The Terranova Security accessibility measures have been made with interactivity in mind. All training material maintains a high standard for interactivity and engagement. This ensures that users always have access to the fun, informative security awareness training that remains Terranova Security’s hallmark.

A lot of online content still excludes many users every day. 80% of online content is available in only one of 10 languages: English, Chinese, Spanish, Japanese, Arabic, Portuguese, German, French, Russian, and Korean. Of those, less than half of the world’s population speaks one of those languages as their preferred language.

In terms of WCAG 2.1 compliance, GAAD research found that 98.1% of home pages have at least one failure, while the average website home page contains 60.9 accessibility errors.

The accessible versions of Terranova Security’s security awareness training course material are now available to new and existing customers.