wombatsecurity | June 03, 2014

Wombat Security’s Mock Phishing Attack Service is Keeping Companies Off the Hook by Quickly Reducing Susceptibility of Employees to Attack

Advancements to Wombat’s PhishGuru Product is Motivating Employees to Change Behavior, Lowering Susceptibility to Cyber Threats as much as 70% in One Month

Pittsburgh, PA – June 3, 2014– Wombat Security Technologies (Wombat) today announced enhancements to its award winning PhishGuru® product which is increasing employee participation in training and reducing their company’s susceptibility to phishing and other current cyber threats by almost 70% in as little as one month.  PhishGuru is an interactive mock phishing attack service that is highly engaging and greatly enhances an employee’s willingness to participate in follow-on security awareness training.

Key findings and customer results include:

  • A Fortune 50 organization reduced their susceptibility to attack by 68% in less than 3 weeks. 40% of employees fell for the first phishing attack and all of them were immediately assigned one of Wombat’s anti-phishing interactive training modules. In addition, everyone who didn’t fall for the phishing attack was also assigned training modules one week after the mock attack.  A few weeks after the program began, a second mock attack was sent to all employees and only 13% of employees fell for the second attack.
  • A large manufacturer saw similar results when assessing and training their IT department. Their first mock attack achieved a 35% click rate. Everyone who fell for the phishing attack was immediately assigned an anti-phishing training module. The people who didn’t fall for the attack also received an assignment for the same training. A second mock attack only enticed 11% of their audience to click, representing a 69% reduction in attack susceptibility in less than 60 days.
  • A large consulting organization with a mature security awareness and training program had an 11% click rate with a “credit card is overdue” phishing email. They auto-enrolled the “clickers” in interactive anti-phishing training and achieved a 4% click rate with a “virus alert” phishing attack sent 60 days after the previous attack. This was a 58% reduction in attack susceptibility even with a well-established security education program previously in place.
  • “Wombat’s findings provide powerful evidence that integrating interactive training with mock phishing attacks not only motivates employees to complete training, but also helps them retain and act upon the lessons learned,” said Derek Brink, vice president and research fellow at Aberdeen Group, A Harte Hanks Company. “Innovative security awareness methodologies like these are now definitively answering the question that so many companies have been asking – companies can actually reduce their risk by addressing human behaviors towards security.”

The benefits of PhishGuru’s new enhancements include:

  • Auto-enrollment – a unique feature that sends a training assignment email immediately after an employee falls for a mock attack, which has been proven to increase training completion rates five to tenfold.
  • Advanced Scheduling – This enables security officers to select the days of the week and hours of a day that mock phishing emails can be sent randomly to their list of end users. Spreading out the email distribution times, and randomizing the recipients, reduces the chances that employees can figure out they are being targets of mock attacks.  Using Advanced Scheduling, end users are less aware of the mock attacks other colleagues are receiving which means security officers can get a clean view of their susceptibility to attack.

“Our training methodology first pioneered by our co-founders at Carnegie Mellon University has proven itself time and again,” said Joe Ferrara. “Individually mock attacks and interactive training are two highly effective methods of educating employees, however when combined together through automation they produce stronger results and behavior change.”

Wombat has deep roots in the Security Awareness and Training Market, and is a recognized authority, having recently been named the Gold winner of the 2014 Global Excellence Awards in Tomorrow’s Technology Today for its Security Training Platform and Bronze winner in the New Product category for its CyberStrength® Security Awareness assessment product.  Wombat’s CEO, Joe Ferrara has recently been named “CEO of the Year” by the CEO Awards and is an EY Entrepreneur Of The Year™ 2014 Award finalist in Western Pennsylvania and West Virginia.

About Wombat Security Technologies

Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior.  Their SaaS cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat's solutions allow organizations to reduce employee susceptibility to attack, including phishing attacks, by over 80%. Wombat is helping Fortune 1000 customers in industry segments such as finance, technology, banking, higher education, retail, and consumer packaged goods to strengthen their cyber security defenses.