By: Area 1 Security
Many organizations deploy security awareness training today for a variety of reasons, including meeting regulatory requirements and reducing the risk of phishing breaches. Unfortunately, security awareness training on its own isn’t sufficient to defend against phishing attacks. The good news is that awareness training helps reduce phishing risk. Security awareness vendors report that after their customers execute a training program, employee susceptibility to interacting with phishing emails drops from approximately fifty percent before training to about fifteen percent after training.
That’s good progress, but it takes only one successful phishing email to breach your organization.
Phishing attacks continue to be the root cause of 95 percent of cyber breaches. That’s why Gartner advises CISOs to make anti-phishing a top security project for 2018. Specifically, they recommend CISOs combine anti-phishing technical controls and security awareness training to best reduce risk and protect against breaches. For organizations that are experiencing successful phishing attacks against their employees, Gartner suggests deploying anti-phishing technical controls as the primary strategy to block as many attacks as possible and implementing awareness training as a supplement to those controls.
In this webinar, we look at the role training plays in protecting against phishing and why analysts recommend that, for best protection, organizations combine anti-phishing technical controls and security training to defend against phishing attacks.