wombatsecurity | April 13, 2017

Wombat Security Enables Employee Benefits Organization to Reduce Phishing Susceptibility by More Than 89%

Wombat assessment and education tools are core components of security awareness training program

PITTSBURGH, April 13, 2017 

Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today releases a new industry case study illustrating how one employee benefits organization reduced phishing susceptibility by more than 89%. The association’s IT team developed and delivered a comprehensive, organization-wide security awareness and training program that leverages the benefits of Wombat’s Continuous Training Methodology and includes assessment, education, reinforcement and reporting activities.

The retirement benefits provider first engaged with Wombat by performing a proof of concept (POC) exercise, which revealed a phishing click rate of just under 20% – higher than the 13% average end-user click rate found in data gathered for Wombat’s 2017 State of the Phish Report.

“We recognized the need for security awareness training, and we had complete executive and board-level buy-in before we even started to define the scope of how we would deliver it,” said the organization’s IT systems manager. “When we started to define the project, we did a project charter with an execution plan and a communications plan. We defined a program that included Wombat’s security awareness and training products as core components, but they are not the only pieces of our program. We are really comprehensive in our approach and execution.”

The comprehensive program includes: regular phishing and knowledge assessments, quarterly training assignments, consistent tracking and biannual reporting, and regular reinforcement of key principles.

The Results

After one year, the organization’s click rate had fallen from 20% (established in the POC) to 5%. Just prior to hitting the 15-month mark, the lowest click rate was registered at 2% which is an 89% reduction in susceptibility. In addition to numerical results, the association has recognized administrative and organizational advantages from the program, including simplified Board reporting and external auditing.

Overall, the association is focused on delivering a program that tests susceptibility to different phishing threat vectors — like malicious attachments, links, and data entry requests — and helps drive measurable improvements over the long term. The important thing, the IT systems manager noted, is for the organization to continue to get a better understanding of where its vulnerabilities lie and work to limit end-user risk.

However, the benefits to the organization extend beyond numerical risk reduction measurement and improvements in end-user behavior. The IT systems manager noted, “The program’s helped with our liability insurance, and just meeting regulations in general. For all intents and purposes, security awareness and training initiatives are being required by all external entities that our organization deals with.”

Other members of the IT team have also noted the benefits. “The program has been a real help in reporting to the Board,” said the association’s IT project manager, “and it’s also been valuable with regard to our annual external audit.” The project manager indicated that Wombat’s expertise allowed the association’s program to move forward more quickly, which is valuable during a time when regulations are only likely to increase.

“Without Wombat, it would be very hard to do as comprehensive a program as we do,” said the IT systems manager. “We absolutely feel there’s a big benefit of partnering with an expert to quickly incorporate assessment and education tools. We’ve enjoyed using Wombat’s resources as components of our overall security awareness program.”

“This is a clear example of how a holistic security awareness and training program that embraces Wombat’s Continuous Training Methodology can be incredibly effective,” stated Joe Ferrara, Wombat’s President and CEO. “The organization’s commitment to a comprehensive program will ultimately provide a clear understanding of vulnerabilities and limit end-user risk with a long-term approach. Arming organizations with clear data and simplified reporting not only allows them better visibility, but also allows them to communicate with their key stakeholders, including executive teams and Board members.”

View the entire case study here.

About Wombat Security Technologies

Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS-based cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections up to 90%. Wombat, recognized by Gartner as a leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors, is helping Fortune 1000 and Global 2000 customers in industry segments such as finance and banking, energy, technology, higher education, retail and consumer packaged goods to strengthen their cyber security defenses.

Wombat Security Contact:
Julie Frey

Susan Mackowiak
412-621-1484 x 126