The Fine Print on Other Security Awareness and Training Programs? ‘Results May Vary.’
No doubt about it: Cyber security is a hot topic. Top retailers have become known more for their breaches than their brands, and residents of Wall Street and Main Street alike are feeling the stresses and pressures that are being applied by hackers, scammers, and social engineers. And if self-preservation isn’t enough of a driver, increasing regulations and looming legislation are sure to force organizations to put the pedal to the metal with regard to security awareness and training efforts.
But before you go full speed ahead, know this: not all programs deliver equal results.
The Wombat Continuous Training Methodology is unique in its structure and delivery, and we’ve discussed before how our four-step approach is designed to drive behavior change and yield success over the long term. It’s not once-a-year, slide-based or video-based training that is forgotten shortly after you press stop. It’s not “one and done,” check-the-box training that barely holds your employees’ attention and has little chance of producing noticeable improvements within the workplace. And it’s not a simulated attack program that focuses only on the phishing threat vector. Because even though mock phishing emails are great assessment tools, they can't educate users on their own. A security awareness training approach that relies solely on simulated attacks is destined to plateau and leave you wondering how to get a better return on your efforts.
But here’s what the Wombat methodology is: The cornerstone of the risk reduction model proven out in Aberdeen Group’s study, The Last Mile in IT Security: Changing User Behavior. Based on fact-driven Monte Carlo analysis, this study shows that our security education programs can change employee behavioral responses to cyber threats like phishing, social engineering, malicious websites, open-access WiFi, and other popular attack vectors, which in turn reduces the risk of a security breach by 45% to 70%.
Our methodology was also highlighted in the recent Ponemon study, The Cost of Phishing and Value of Employee Training, which showed that our approach to anti-phishing awareness and training can deliver up to a 50x yearly ROI and save organizations with about 10,000 users up to $1.8 million in yearly costs related to employees’ handling of phishing attacks.
So what happens when you look for another security awareness training program to change behaviors and reduce your organization's vulnerability to attack? You can go ahead and add this caveat to your bottom line: Results may vary.