There is no doubt that every organization needs to implement technology-based solutions to protect itself from phishing, spearphishing, whaling and related types of threats. These attacks can create enormous problems for an organization, including loss of intellectual property, the draining of financial accounts and other damaging effects. However, while technology-based solutions are a must, the users in your organization should be the initial line of defense against phishing and related attacks. As a result, every user should receive the appropriate level of security awareness training to ensure that they are sensitized to the subtleties of phishing, spearphishing and related types of attacks.
To determine if security awareness training actually works in helping organizations to defeat phishing and related attacks, we conducted two market research surveys during July 2013. These surveys were conducted with decision makers and/or influencers familiar with their organization’s security management and/or security awareness training activities:
- One survey was conducted with the Osterman Research survey panel. None of these individuals was a customer of KnowBe4.
- The second survey was conducted with customers of KnowBe4’s Security Awareness Training solutions.
We queried respondents about five different approaches to security awareness training:
- The Human Firewall Approach (most common among KnowBe4 customers)
- The Break Room Approach (most common among non-KnowBe4 customers)
- The Monthly Security Video Approach
- The Phishing Test Approach
- The Do Nothing Approach
Our research found that there is a significant difference between KnowBe4 customers and non-customers with regard to confidence in employees’ ability to detect and thwart phishing attacks. When asked to rate their confidence that all employees are well trained to deal with phishing attacks on a scale of 1 (not confident at all) to 100 (very confident), KnowBe4 customers gave a confidence score 29% higher than non-customers. Similarly, when asked to rate on the same scale their confidence that employees will refrain from clicking on phishing links, KnowBe4 customers’ confidence score was 40% higher than that of non-customers. We also found that KnowBe4 customers were nearly three times more likely to view the phishing problem as getting better over the past 12 months.
If you’d like to learn more about the results of this research, you can do so here.