In the modern digital world, information and data are money — and organisations are facing a continuous bombardment from criminal groups and/or individuals. Worse, cyberthreats are only growing in type and number.
How, then, can an organisation defend against cyber attacks? What can business leaders do to shore up the defences? And how can employees contribute to cyber defence?
Types of Cyber Attacks
From an attacker’s perspective, there are two possible initial steps to gaining access to an organisation. They can try to find a technical vulnerability which is already directly exposed, or they can convince someone who already has access to take some action that will help them.
Many attacks are a combination of these techniques, but the vast majority at least start with some form of social engineering, the overall term used for convincing someone to take some action.
That action could be as simple as clicking on a link in an email or opening an attachment. This type of cyber attack, referred to as phishing, can lead to fraud or identity theft, business email compromise (also known as BEC), or to various technical attacks.
The Defence Against Cyber Attacks
There are some technical measures that can reduce the likelihood of this type of attack. Anti-malware gateways, proxy systems, anti-spam and anti-phishing solutions can all reduce the likelihood of phishing attempts reaching end users. Endpoint anti-malware software can reduce the likelihood of malware disrupting an organisation.
But no technical control can be perfect: the first line of defence is human.
So how do we make this defence as strong as possible? The answer: training. But how can an organisation implement a cyber awareness training program that is both efficient and effective?
KnowBe4 Service: A Cybersecurity Awareness Training Solution
When experteq went looking for a cyber awareness training solution to offer to our clients, we quickly found that KnowBe4 was the clear leader in this space, recognised by Gartner, Forrester and many others.
Using KnowBe4 is effective, as it integrates a broad range of training material with active phishing tests. And it’s efficient, as relevant training can be automatically assigned, whether regularly to all staff or selected groups, to new starters, or to users who have clicked on a phishing link.
Dashboards show the overall level of risk in the organisation and the status of cybersecurity training campaigns and phishing tests.
Training material can be selected from general topics or can be specific. The style of material can be chosen from more traditional presentations to games and Netflix-like series, complete with posters. It can all be combined to help your staff become what KnowBe4 refers to as “strong human firewalls”.
experteq offers KnowBe4 as a managed service. Our clients have all the direct hands-on access they want, with complete support from experteq. While managing training campaigns is straightforward (though experteq can help with that as much as clients want), some of the areas where experteq support is more important are integration with Active Directory (or Azure Active Directory) and Direct Mail Integration for phishing tests, which ensures the test phishing emails arrive safely by bypassing most of the ever-changing controls used by Microsoft and other vendors.
For experteq staff, we use a combination of training styles, with some set as mandatory and others non-mandatory, but promoted. The latter includes some of the video series, like “Restricted Intelligence” and “The Inside Man”, where staff can choose to watch five-minute humorous episodes whenever they have time.
Contact experteq for more information on the KnowBe4 service.