SlideShare a Scribd company logo

Cybersecurity Training For Humans!

I
InnesGerrard

So much effort has been put into educating people about hackers, viruses, ransomware and other cybersecurity threats and a key component of the problem has been largely overlooked - we're all human and we all make mistakes! I'm a firm believer that education is the route forward. For a few pounds a month you can with Doherty Associates continually educate your most important business assets - your staff - in a fun and rewarding manner. Google "employee cyber security negligence" and various reports will confirm the number one cause of data breaches is human error. Usually, these data breaches are accidental and are the result of an employee losing a mobile device or document containing passwords or sensitive information! I'd be happy to assist if you think your staff need some help.

Services
1 of 7
Download to read offline
1 GL-1852 www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | Solution Brief Security Awareness Training Done Right Cybersecurity For Humans When the anatomy of successful cyberattacks is analyzed, nearly all of them have one thing in common – some user, somewhere, did something that could have been avoided. Despite the most advanced protections that can be put in place, despite the best threat intelligence that can be brought to bear, organizations remain vulnerable because of one key factor: human error. Research shows that 90%+ of breaches involve human error, and, in 2018, organizations face a 27% chance of suffering a major data breach involving 10,000 records or more. Those types of massive breaches come with an average cost of four million dollars each to remediate. Clearly human error is not to be taken lightly. People are - and likely always will be - the weak link in the chain. Yet, efforts to reduce the very real risk they represent are failing. Organizations are pouring billions of dollars into security and awareness training, but these investments are not translating into results. In fact, the probability that companies of all types and sizes will experience a security breach is greater today than it was four years ago. Something needs to change. Mimecast helps companies protect their employees, intellectual property, customer data, and brand reputations by providing comprehensive, cloud-based security solutions that mitigate risk and reduce the cost and complexity of creating a cyber-resilient organization. Mimecast Awareness Training is a security awareness training and cyber risk management platform that helps you combat information security breaches caused by employee mistakes. Developed by top leadership from the U.S. military, law enforcement, and intelligence community, it makes employees an active part of your defense, instead of your biggest risk, by: • Providing the best, most engaging content in the industry – People don’t “like” Mimecast’s training – they love it. They ask for more. They print T-shirts based on our characters. The engagement our training drives and the results it delivers are difficult to match. • Deploying training persistently, but not intrusively – Cyberattacks are many things, but one thing they are not is predictable. Mimecast combines highly engaging content with a persistent, non-intrusive training methodology to change behavior, improve knowledge and retention regarding core security issues and ultimately lower risk. We help you create and maintain the highest possible level of organizational security awareness and the punch line is that the training takes only 3 to 5 minutes a month, a tolerable ask of today’s busy employee. • Fostering individual responsibility – Mimecast Awareness Training helps build your human firewall by working to give all employees a stronger sense of individual responsibility for protecting the organization. Awareness Training 27.9% Probability of a major data breach* $3.86 Million Average cost of a breach* 90+% of Breaches Involve Employee Error** **Willis Tower Watson - 2017 *Ponemon/IBM 2018
www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 2 Solution Brief GL-1852 Oh, The Human Error… Why are people such easy targets when it comes to cyberattacks? The greatest factor is the propensity of humans to be just that – human. The vast majority of mistakes are completely innocent and - more importantly - avoidable, with the most common causes being lack of knowledge, lack of attention, and lack of concern. Security training typically fails because it doesn’t take these realities into account. In other words, it doesn’t reflect how people work and learn today. It’s delivered too infrequently (what did IT say I should do when I get a suspicious email?). It’s long, dull, dry, and boring (I’ll pay attention in a second… just have to send this one email). And employees often feel targeted, rather than supported (“did IT really just try to trick me with this fake phishing email?”). Bad Training – A Vicious Cycle When training is unengaging and unenjoyable, people don’t learn. If they are not armed with the knowledge of what to look out for and what to do when the situation arises, they will make mistakes. And, in what is an act of self-defense, they will treat security as “sombody else’s problem” and develop a dismissive attitude about training. This negative process reinforces itself over time, making insufficient training programs not just useless, but harmful. It’s time to break the cycle. As some incredibly smart person once said, the definition of insanity is doing the same thing over and over and expecting a different outcome. The time for a new approach has arrived. It’s time to break the cycle. Training systems typically rely on fear to drive engagement. That works. For a short time. Then employees become desensitized, resentful and unresponsive. Is that really the way? Not in our view. Mimecast relies on humor to engage. Studies show that humor releases dopamine in the brain, which is positively correlated with goal-oriented learning results and long-term memory retention. Humor works with students of all ages. Educators have shown that using humor with any age of student – from kindergarten through college – drives better performance. And humor will work with your employees too. Our security training is built to make you chuckle. Each training module is anchored on a 2-3 minute video, written by real movie/TV comedy writers and acted by entertainment industry pros. In a few minutes per month, employees get a dose of knowledge, learning what to do through mini-sitcoms they won’t forget. Our training videos are the foundation of a focused, complete and effective system that imparts and reinforces crucial knowledge. The Key To Engagement - Humor “ Mimecast Awareness Training engages our workforce in a whole new way, entertaining and very effective” Tim Murphy President, Thomson Reuters Special Services, LLC Former Deputy Director, FBI
www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 3 Solution Brief GL-1852 Welcome Sound Judgment Mimecast Awareness Training uses a continuous, virtuous cycle that changes behavior and lowers risk. The foundation of the platform is engagement through humor, which is the key to improving awareness and knowledge. Only by getting employees to understand both what’s at stake and what to do about it can you change their attitudes and drive a lasting, positive shift in security culture. To accomplish these objectives, Mimecast Awareness Training focuses on four key areas. Change Behavior Lower Risk Data Driven Objective Accurate Knowledge Awareness Attitude Targeted Efficient Effective Video-Based Relevant Short/ Persistent Real World Testing Engaging Training Custom Remediation Risk Scoring Mimecast Awareness Training delivers massively engaging, video-based training modules – developed by professionals from the TV and film industry – to all users on a monthly basis. These 3 to 5 minute video-centric modules take a best-practice, “micro-learning” approach, driving retention by delivering persistent learning in manageable and digestible blocks. Core to Mimecast’s training approach is humor (don’t laugh now, we’re being serious). Our videos are built to be informative of course, but they are also meant to be fun. Rather than threatening with fear, Mimecast finds it far more effective to engage with funny. Why? Because employees will look forward to the training, rather than dreading it. They pay attention. And most importantly, they learn. Each video takes a complex and -let’s be real here - often boring topic – from ransomware, phishing, and impersonation fraud to regulations (we heart you GDPR), password best practices and privacy rules. We make the material approachable and understandable, breaking the content down into: 1) Engaging Training • What the threat Is • What to do about It • Consequences for the company • Personal impact The content provides a holistic approach across all security concerns; and with 12 to 15 new modules created every year, training stays both fresh for end users and reflective of a continuously changing threat landscape.
www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 4 Solution Brief GL-1852 2) Real World Testing 3) Employee And Company Risk Scoring Mimecast understands that testing must be more than a box-checking exercise if it’s going to have any impact or lasting effect. That’s why the Mimecast Awareness Training platform regularly evaluates employees and tracks indicators across the three root causes of human error – knowledge, awareness, and attitude. These testing capabilities are designed to assess three key areas. The first is employee attitudes and sentiment toward security (from “sir, yes sir” to “frankly my dear, I don’t give a damn”). Every user is presented with a set of questions before any training is delivered to establish a baseline and is then asked to respond to those same questions again every six months thereafter. Results are then used to assess how seriously each employee takes security threats and how prepared each individual feels to cope with it. The second area is employees’ knowledge of the concepts each training module delivers, with a single question that gets straight to the heart of the matter at the end of each session. Questions are designed to reinforce key concepts and force the employees to think about each scenario in a unique way. This process has a massive positive impact on information retention and ultimately, behavioral change. Last but not least are Mimecast’s phishing test capabilities, which are fully integrated with our training modules and simple to implement and manage – no dedicated resources required. Custom tests can easily be built and deployed and there is a large selection of stored templates to choose from. And in breaking news, Mimecast will soon be the only security training provider that can support personalized delivery of authentic but de-fanged phishing attacks for training purposes. Instead of relying on made-up phish tests or watered-down templates, you’ll be able to test employees with real phishing emails in real-time. Yes, it’s true! We’re excited about it too. The Mimecast Awareness Training platform lets you focus on the greatest areas of risk and need by using a predictive model to determine who your riskiest employees are based on both behavior and how likely they are to be attacked. The solution compares employee testing data across millions of data points to assess risk at both an individual and organizational level. The system then rates employees from very poor to excellent. Those who receive a poor score are operating two standard deviations from the mean of behavior and are in the riskiest 3% of employees. In other words, they’re truly a security issue. Armed with this information, you can direct training resources to those who need it most, dramatically improve outcomes, and substantially reduce risk. A major downfall of many training programs is that they treat everyone the same. Just as there was that kid in high school who could have taught your math teacher advanced calculus, there will be people in your organization who need minimal support from a security training standpoint. Likewise, there will be individuals who require regular coaching and intervention or who, by the nature of the positions they hold (a wire transfer would be perfect, thanks), are more likely to be targeted. 0.4 0.3 0.2 0.1 0.0 34.1%13.6%2.1% -30 -20 -10 0 10 20 30 0.1% 0.1%2.1%13.6%34.1% Represents Truly Risky Behavior
www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 5 Solution Brief GL-1852 4) Custom, Personalized Training And Other Remediation Coming Soon... The Real Ph_ing Deal With employee risk scores in hand, the question of where to focus has been answered, but the Mimecast Awareness Training platform is designed to help you answer the question of how to help as well. Based on individual employee profiles, training can be delivered with more regularity, and behaviors can be flagged so your team can provide one-to-one coaching when needed. Customized scenarios can be created to continuously assess and train high-risk employees, and system permissions can also be adjusted for those who don’t respond well to training. Try as most security teams might, it’s virtually impossible to consistently and accurately replicate the sophistication and variability of genuine cyberattacks for the purpose of testing and training employees – a factor that automatically puts your organization at a disadvantage and one that cyber criminals count on. Mimecast will soon be the only provider that can support personalized delivery of authentic but de-fanged phishing attacks for training purposes. Instead of relying on made-up phish tests or watered-down templates, Mimecast will allow you to test employees with real phishing emails in real-time and factor the results into employee risk scoring and analysis. Now THAT is ph_ing awesome. With traditional approaches, you only know how employees respond to real phishing attacks when they actually occur. This ground-breaking capability from Mimecast will soon allow you to test your users with the real deal in a completely safe environment. Think of it this way. The next time you fly, would you prefer your pilot to have received all their training in a flight simulator, or to have had some actual time behind the stick? Which would you prefer? Yep – us too. Game… Changed. Key Capabilities • Highly engaging, modern training videos created by some of the top talent in the entertainment industry • Best-practice, micro-learning approach that delivers 3 to 5 minute video-based training modules to every user monthly • Simple, intelligent, and predictive testing to measure both knowledge and sentiment • Employee and organizational risk-scoring measured against millions of industry data points • New training delivered 12 to 15 times a year to ensure content stays fresh and relevant • Easy to implement and manage phish testing, with the ability to use real-life, de-fanged phishing tests coming soon
www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 6 Solution Brief GL-1852 Why Choose Mimecast Awareness Training? 1. The best, most engaging content in the industry – Mimecast isn’t your grandfather’s security training content. It’s different, it’s funny, and it’s effective. 2. The expertise and trust of people who know whereof they speak – Mimecast’s Awareness Training was developed by top leadership from the U.S. military, law enforcement, and intelligence community and is trusted and endorsed by people with deep knowledge of cybersecurity challenges and first-hand experience addressing them – including a former director of the FBI and a former SVP and CSO for AT&T. 3. Real-time, predictive risk scoring – Scoring is applied at both the employee and organizational level and is based on comparison with millions of industry data points. You’ll know where to focus your resources and time, so you can reduce risk and maintain the highest possible level of organizational security awareness. 4. Real-world resilience – Mimecast puts an end to “spray and pray” training by allowing you to target groups at the greatest risk with specialized and personalized training. You can make the awesomeness of the limited resources at your disposal stretch farther and have a greater impact than ever before. 5. Comprehensive cybersecurity capabilities with a single solution - Mimecast Awareness Training is fully and seamlessly integrated with Mimecast’s full suite of email security, web security, and enterprise information archiving solutions, giving you the option to deploy a single, cloud-based solution to address all your cybersecurity needs. Engage employees as an active part of your defense, instead of your biggest risk. 1 Identify your riskiest people and stop them before they make a mistake. 2 Apply limited training resources where they are needed most. 3 Three Key Steps, One Amazing Solution With Mimecast Awareness Training, You Can:
www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 7 Solution Brief GL-1852 The Mimecast Difference Mime|OS The Mimecast Security Operations Center Mime|OS is the multi-tenant, native cloud operating system that underpins all Mimecast products, delivering an integrated solution and serving as a global immune system for thousands of customers worldwide. This unique platform delivers high performance while also driving continuous innovation so customers always have the most sophisticated, current protections in place. It provides: • Continuous threat assessments derived from 40+ third-party feeds and detection engines • Multi-layered inspection processes • Real-time blocking of malicious content • A global deployment footprint • 100% availability service levels • Simplified integration via a robust API • Enterprise-wide visibility World-class security with all the cost, confidence, and convenience of the cloud – that’s what Mime|OS delivers. The Mimecast Security Operations Center (MSOC) is staffed by security experts whose sole focus is to help you stay ahead of attackers by continuously monitoring, optimizing, and enhancing Mimecast’s solutions. The MSOC is: • Always on – Monitoring Mimecast solutions 24x7, 365 days a year • Always monitoring – Collaborating with third-parties, partnering with customers, and keeping a constant eye on the threat landscape • Always improving – Conducting research into the behavior and strategy behind attacks; driving continuous adaptation. The MSOC gives you access to the best and brightest minds in cyber-resilience, all dedicated to helping keep your business safe. “I’ve been involved with enterprise security awareness for decades, and have barely found anything as compelling and fun as the content from Mimecast. Their video approach is an amazing way to move culture, and I suspect CISOs will really like their emphasis on risk analytics as well.” William Hammersla Chairman, Utilidata Fmr CSO, Forcepoint and Fmr President, Raytheon Cyber Products Mimecast (NASDAQ: MIME) makes business email and data safer for thousands of customers with millions of employees worldwide. Founded in 2003, the company’s next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.

Recommended

Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorBanning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorSandra (Sandy) Dunn
 
The human factor
The human factorThe human factor
The human factorKoen Maris
 
Sensible defence
Sensible defenceSensible defence
Sensible defenceKoen Maris
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook SecurityRogers Communications
 
Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awarenessCOMSATS
 
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecLaura Tibbo
 
Putting safety to work the business case for psychology based safety training...
Putting safety to work the business case for psychology based safety training...Putting safety to work the business case for psychology based safety training...
Putting safety to work the business case for psychology based safety training...OHS Leaders Summit
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelKoen Maris
 

Recommended

Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorBanning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorSandra (Sandy) Dunn
 
The human factor
The human factorThe human factor
The human factorKoen Maris
 
Sensible defence
Sensible defenceSensible defence
Sensible defenceKoen Maris
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook SecurityRogers Communications
 
Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awarenessCOMSATS
 
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecLaura Tibbo
 
Putting safety to work the business case for psychology based safety training...
Putting safety to work the business case for psychology based safety training...Putting safety to work the business case for psychology based safety training...
Putting safety to work the business case for psychology based safety training...OHS Leaders Summit
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelKoen Maris
 
Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security RisksEnterprise Security Risk Management
 
Embry-Riddle Aeronautical University
Embry-Riddle Aeronautical UniversityEmbry-Riddle Aeronautical University
Embry-Riddle Aeronautical UniversityGradytl
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
CM FAll 2015
CM FAll 2015CM FAll 2015
CM FAll 2015Matthew Williams
 
Security Feature Cover Story
Security Feature Cover StorySecurity Feature Cover Story
Security Feature Cover StoryTorrid Networks Private Limited
 
Game based learning for safety and security education
Game based learning for safety and security educationGame based learning for safety and security education
Game based learning for safety and security educationJournal of Education and Learning (EduLearn)
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBsGFI Software
 
Security Awareness Program
Security Awareness ProgramSecurity Awareness Program
Security Awareness ProgramDavid Wigton
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-MaligecChristine Maligec, CRM-E, CRIS
 
How to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsHow to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsIT-Toolkits.org
 
Engage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramEngage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramBen Woelk, CISSP, CPTC
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st centuryThe Economist Media Businesses
 
2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccess2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccessasundaram1
 
Security and Business Continuity Working Together
Security and Business Continuity Working TogetherSecurity and Business Continuity Working Together
Security and Business Continuity Working Togethercharliemb2
 
Security risk
Security riskSecurity risk
Security riskRandy Tamoria
 
The C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe Economist Media Businesses
 
How to Create a Security-Aware Culture in Your Company
How to Create a Security-Aware Culture in Your CompanyHow to Create a Security-Aware Culture in Your Company
How to Create a Security-Aware Culture in Your CompanyDavid McHale
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityDavid X Martin
 
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...ssuser2d55aa
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Positive Hack Days
 
Awareness is only the first step
Awareness is only the first stepAwareness is only the first step
Awareness is only the first stepHewlett Packard Enterprise Business Value Exchange
 

More Related Content

What's hot

Embry-Riddle Aeronautical University
Embry-Riddle Aeronautical UniversityEmbry-Riddle Aeronautical University
Embry-Riddle Aeronautical UniversityGradytl
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
Security Awareness Program
Security Awareness ProgramSecurity Awareness Program
Security Awareness ProgramDavid Wigton
 
How to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsHow to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsIT-Toolkits.org
 
Engage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramEngage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramBen Woelk, CISSP, CPTC
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccess2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccessasundaram1
 
Security and Business Continuity Working Together
Security and Business Continuity Working TogetherSecurity and Business Continuity Working Together
Security and Business Continuity Working Togethercharliemb2
 

What's hot (17)

Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security Risks
 
Embry-Riddle Aeronautical University
Embry-Riddle Aeronautical UniversityEmbry-Riddle Aeronautical University
Embry-Riddle Aeronautical University
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity Model
 
CM FAll 2015
CM FAll 2015CM FAll 2015
CM FAll 2015
 
Security Feature Cover Story
Security Feature Cover StorySecurity Feature Cover Story
Security Feature Cover Story
 
Game based learning for safety and security education
Game based learning for safety and security educationGame based learning for safety and security education
Game based learning for safety and security education
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBs
 
Security Awareness Program
Security Awareness ProgramSecurity Awareness Program
Security Awareness Program
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec
 
How to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsHow to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkits
 
Engage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness ProgramEngage! Creating a Meaningful Security Awareness Program
Engage! Creating a Meaningful Security Awareness Program
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st century
 
2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccess2006 issa journal-organizingand-managingforsuccess
2006 issa journal-organizingand-managingforsuccess
 
Security and Business Continuity Working Together
Security and Business Continuity Working TogetherSecurity and Business Continuity Working Together
Security and Business Continuity Working Together
 
Security risk
Security riskSecurity risk
Security risk
 
The C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defense
 

Similar to Cybersecurity Training For Humans!

How to Create a Security-Aware Culture in Your Company
How to Create a Security-Aware Culture in Your CompanyHow to Create a Security-Aware Culture in Your Company
How to Create a Security-Aware Culture in Your CompanyDavid McHale
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityDavid X Martin
 
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...ssuser2d55aa
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Positive Hack Days
 
Issa Vancouver 6 09 Pareto's Revenge
Issa Vancouver 6 09 Pareto's RevengeIssa Vancouver 6 09 Pareto's Revenge
Issa Vancouver 6 09 Pareto's RevengeMike Murray
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingSwati Gupta
 
Cybersecurity education catalog sae september 2021
Cybersecurity education catalog sae september 2021Cybersecurity education catalog sae september 2021
Cybersecurity education catalog sae september 2021TrustwaveHoldings
 
Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Scott Maurice
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureCraig McGill
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
CISO Interview Question.pdf
CISO Interview Question.pdfCISO Interview Question.pdf
CISO Interview Question.pdfinfosec train
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Michael Kaishar, MSIA | CISSP
 
Empower Business by Filling Gap of Cyber Security Skills
Empower Business by Filling Gap of Cyber Security SkillsEmpower Business by Filling Gap of Cyber Security Skills
Empower Business by Filling Gap of Cyber Security SkillsClickSSL
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Devendra kashyap
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapDominic Vogel
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleKevin Duffey
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfHumphrey Humphrey
 

Similar to Cybersecurity Training For Humans! (20)

How to Create a Security-Aware Culture in Your Company
How to Create a Security-Aware Culture in Your CompanyHow to Create a Security-Aware Culture in Your Company
How to Create a Security-Aware Culture in Your Company
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurity
 
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...EB - Five Forces That Drive a Successful Managed Security Services Offering -...
EB - Five Forces That Drive a Successful Managed Security Services Offering -...
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ?
 
Awareness is only the first step
Awareness is only the first stepAwareness is only the first step
Awareness is only the first step
 
Issa Vancouver 6 09 Pareto's Revenge
Issa Vancouver 6 09 Pareto's RevengeIssa Vancouver 6 09 Pareto's Revenge
Issa Vancouver 6 09 Pareto's Revenge
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
 
Cybersecurity education catalog sae september 2021
Cybersecurity education catalog sae september 2021Cybersecurity education catalog sae september 2021
Cybersecurity education catalog sae september 2021
 
Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
CISO Interview Question.pdf
CISO Interview Question.pdfCISO Interview Question.pdf
CISO Interview Question.pdf
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
 
Empower Business by Filling Gap of Cyber Security Skills
Empower Business by Filling Gap of Cyber Security SkillsEmpower Business by Filling Gap of Cyber Security Skills
Empower Business by Filling Gap of Cyber Security Skills
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a Role
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdf
 

Recently uploaded

(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCR
(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCR(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCR
(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCREscort Service
 
Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...
Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...
Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...Ayesha Khan
 
Call Girls In Naraina (Delhi) +91-9667422720 Escorts Service
Call Girls In Naraina (Delhi) +91-9667422720 Escorts ServiceCall Girls In Naraina (Delhi) +91-9667422720 Escorts Service
Call Girls In Naraina (Delhi) +91-9667422720 Escorts ServiceLipikasharma29
 
9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Available
9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Available9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Available
9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Availablenitugupta1209
 
NAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALLNAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALLNiteshKumar82226
 
Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...
Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...
Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...Ayesha Khan
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...aakahthapa70
 
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash PaymentCall Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Paymentaakahthapa70
 
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...Pooja Nehwal
 
(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCRsoniya singh
 
Call Girls In Islamabad 💯Call Us 🔝03090999379🔝
Call Girls In Islamabad 💯Call Us 🔝03090999379🔝Call Girls In Islamabad 💯Call Us 🔝03090999379🔝
Call Girls In Islamabad 💯Call Us 🔝03090999379🔝Ayesha Khan
 
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...Ayesha Khan
 
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝Lipikasharma29
 
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...aakahthapa70
 
Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...
Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...
Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...aakahthapa70
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...aakahthapa70
 
NASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALLNASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALLNiteshKumar82226
 
Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝Lipikasharma29
 

Recently uploaded (20)

(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCR
(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCR(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCR
(9599264170) ↫ Call Girls In Rk Puram ↫ Delhi NCR
 
Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...
Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...
Book Call Girls in Lahore || 03070433345 || Young, Hot, Sexy, VIP Girls Avail...
 
9953056974 Call Girls In Ashok Nagar, Escorts (Delhi) NCR.
9953056974 Call Girls In Ashok Nagar, Escorts (Delhi) NCR.9953056974 Call Girls In Ashok Nagar, Escorts (Delhi) NCR.
9953056974 Call Girls In Ashok Nagar, Escorts (Delhi) NCR.
 
Call Girls In Naraina (Delhi) +91-9667422720 Escorts Service
Call Girls In Naraina (Delhi) +91-9667422720 Escorts ServiceCall Girls In Naraina (Delhi) +91-9667422720 Escorts Service
Call Girls In Naraina (Delhi) +91-9667422720 Escorts Service
 
9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Available
9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Available9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Available
9811611494,Low Rate Call Girls In Connaught Place Delhi 24hrs Available
 
NAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALLNAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALL
 
Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...
Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...
Call Girls In Islamabad | 03278838827 || 24/7 Service Islamabad Call Girls & ...
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
 
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash PaymentCall Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
 
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
 
(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Noida Sector 62 🔝 Delhi NCR
 
Call Girls In Islamabad 💯Call Us 🔝03090999379🔝
Call Girls In Islamabad 💯Call Us 🔝03090999379🔝Call Girls In Islamabad 💯Call Us 🔝03090999379🔝
Call Girls In Islamabad 💯Call Us 🔝03090999379🔝
 
CALL GIRLS IN GOA & ESCORTS SERVICE +919540619990
CALL GIRLS IN GOA & ESCORTS SERVICE +919540619990CALL GIRLS IN GOA & ESCORTS SERVICE +919540619990
CALL GIRLS IN GOA & ESCORTS SERVICE +919540619990
 
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
 
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
 
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
 
Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...
Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...
Call Girls In {Green Park Delhi} 9667938988 Indian Russian High Profile Girls...
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
 
NASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALLNASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALL
 
Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Chattarpur Delhi 💯 Call Us 🔝9667422720🔝
 

Cybersecurity Training For Humans!

  • 1. 1 GL-1852 www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | Solution Brief Security Awareness Training Done Right Cybersecurity For Humans When the anatomy of successful cyberattacks is analyzed, nearly all of them have one thing in common – some user, somewhere, did something that could have been avoided. Despite the most advanced protections that can be put in place, despite the best threat intelligence that can be brought to bear, organizations remain vulnerable because of one key factor: human error. Research shows that 90%+ of breaches involve human error, and, in 2018, organizations face a 27% chance of suffering a major data breach involving 10,000 records or more. Those types of massive breaches come with an average cost of four million dollars each to remediate. Clearly human error is not to be taken lightly. People are - and likely always will be - the weak link in the chain. Yet, efforts to reduce the very real risk they represent are failing. Organizations are pouring billions of dollars into security and awareness training, but these investments are not translating into results. In fact, the probability that companies of all types and sizes will experience a security breach is greater today than it was four years ago. Something needs to change. Mimecast helps companies protect their employees, intellectual property, customer data, and brand reputations by providing comprehensive, cloud-based security solutions that mitigate risk and reduce the cost and complexity of creating a cyber-resilient organization. Mimecast Awareness Training is a security awareness training and cyber risk management platform that helps you combat information security breaches caused by employee mistakes. Developed by top leadership from the U.S. military, law enforcement, and intelligence community, it makes employees an active part of your defense, instead of your biggest risk, by: • Providing the best, most engaging content in the industry – People don’t “like” Mimecast’s training – they love it. They ask for more. They print T-shirts based on our characters. The engagement our training drives and the results it delivers are difficult to match. • Deploying training persistently, but not intrusively – Cyberattacks are many things, but one thing they are not is predictable. Mimecast combines highly engaging content with a persistent, non-intrusive training methodology to change behavior, improve knowledge and retention regarding core security issues and ultimately lower risk. We help you create and maintain the highest possible level of organizational security awareness and the punch line is that the training takes only 3 to 5 minutes a month, a tolerable ask of today’s busy employee. • Fostering individual responsibility – Mimecast Awareness Training helps build your human firewall by working to give all employees a stronger sense of individual responsibility for protecting the organization. Awareness Training 27.9% Probability of a major data breach* $3.86 Million Average cost of a breach* 90+% of Breaches Involve Employee Error** **Willis Tower Watson - 2017 *Ponemon/IBM 2018
  • 2. www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 2 Solution Brief GL-1852 Oh, The Human Error… Why are people such easy targets when it comes to cyberattacks? The greatest factor is the propensity of humans to be just that – human. The vast majority of mistakes are completely innocent and - more importantly - avoidable, with the most common causes being lack of knowledge, lack of attention, and lack of concern. Security training typically fails because it doesn’t take these realities into account. In other words, it doesn’t reflect how people work and learn today. It’s delivered too infrequently (what did IT say I should do when I get a suspicious email?). It’s long, dull, dry, and boring (I’ll pay attention in a second… just have to send this one email). And employees often feel targeted, rather than supported (“did IT really just try to trick me with this fake phishing email?”). Bad Training – A Vicious Cycle When training is unengaging and unenjoyable, people don’t learn. If they are not armed with the knowledge of what to look out for and what to do when the situation arises, they will make mistakes. And, in what is an act of self-defense, they will treat security as “sombody else’s problem” and develop a dismissive attitude about training. This negative process reinforces itself over time, making insufficient training programs not just useless, but harmful. It’s time to break the cycle. As some incredibly smart person once said, the definition of insanity is doing the same thing over and over and expecting a different outcome. The time for a new approach has arrived. It’s time to break the cycle. Training systems typically rely on fear to drive engagement. That works. For a short time. Then employees become desensitized, resentful and unresponsive. Is that really the way? Not in our view. Mimecast relies on humor to engage. Studies show that humor releases dopamine in the brain, which is positively correlated with goal-oriented learning results and long-term memory retention. Humor works with students of all ages. Educators have shown that using humor with any age of student – from kindergarten through college – drives better performance. And humor will work with your employees too. Our security training is built to make you chuckle. Each training module is anchored on a 2-3 minute video, written by real movie/TV comedy writers and acted by entertainment industry pros. In a few minutes per month, employees get a dose of knowledge, learning what to do through mini-sitcoms they won’t forget. Our training videos are the foundation of a focused, complete and effective system that imparts and reinforces crucial knowledge. The Key To Engagement - Humor “ Mimecast Awareness Training engages our workforce in a whole new way, entertaining and very effective” Tim Murphy President, Thomson Reuters Special Services, LLC Former Deputy Director, FBI
  • 3. www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 3 Solution Brief GL-1852 Welcome Sound Judgment Mimecast Awareness Training uses a continuous, virtuous cycle that changes behavior and lowers risk. The foundation of the platform is engagement through humor, which is the key to improving awareness and knowledge. Only by getting employees to understand both what’s at stake and what to do about it can you change their attitudes and drive a lasting, positive shift in security culture. To accomplish these objectives, Mimecast Awareness Training focuses on four key areas. Change Behavior Lower Risk Data Driven Objective Accurate Knowledge Awareness Attitude Targeted Efficient Effective Video-Based Relevant Short/ Persistent Real World Testing Engaging Training Custom Remediation Risk Scoring Mimecast Awareness Training delivers massively engaging, video-based training modules – developed by professionals from the TV and film industry – to all users on a monthly basis. These 3 to 5 minute video-centric modules take a best-practice, “micro-learning” approach, driving retention by delivering persistent learning in manageable and digestible blocks. Core to Mimecast’s training approach is humor (don’t laugh now, we’re being serious). Our videos are built to be informative of course, but they are also meant to be fun. Rather than threatening with fear, Mimecast finds it far more effective to engage with funny. Why? Because employees will look forward to the training, rather than dreading it. They pay attention. And most importantly, they learn. Each video takes a complex and -let’s be real here - often boring topic – from ransomware, phishing, and impersonation fraud to regulations (we heart you GDPR), password best practices and privacy rules. We make the material approachable and understandable, breaking the content down into: 1) Engaging Training • What the threat Is • What to do about It • Consequences for the company • Personal impact The content provides a holistic approach across all security concerns; and with 12 to 15 new modules created every year, training stays both fresh for end users and reflective of a continuously changing threat landscape.
  • 4. www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 4 Solution Brief GL-1852 2) Real World Testing 3) Employee And Company Risk Scoring Mimecast understands that testing must be more than a box-checking exercise if it’s going to have any impact or lasting effect. That’s why the Mimecast Awareness Training platform regularly evaluates employees and tracks indicators across the three root causes of human error – knowledge, awareness, and attitude. These testing capabilities are designed to assess three key areas. The first is employee attitudes and sentiment toward security (from “sir, yes sir” to “frankly my dear, I don’t give a damn”). Every user is presented with a set of questions before any training is delivered to establish a baseline and is then asked to respond to those same questions again every six months thereafter. Results are then used to assess how seriously each employee takes security threats and how prepared each individual feels to cope with it. The second area is employees’ knowledge of the concepts each training module delivers, with a single question that gets straight to the heart of the matter at the end of each session. Questions are designed to reinforce key concepts and force the employees to think about each scenario in a unique way. This process has a massive positive impact on information retention and ultimately, behavioral change. Last but not least are Mimecast’s phishing test capabilities, which are fully integrated with our training modules and simple to implement and manage – no dedicated resources required. Custom tests can easily be built and deployed and there is a large selection of stored templates to choose from. And in breaking news, Mimecast will soon be the only security training provider that can support personalized delivery of authentic but de-fanged phishing attacks for training purposes. Instead of relying on made-up phish tests or watered-down templates, you’ll be able to test employees with real phishing emails in real-time. Yes, it’s true! We’re excited about it too. The Mimecast Awareness Training platform lets you focus on the greatest areas of risk and need by using a predictive model to determine who your riskiest employees are based on both behavior and how likely they are to be attacked. The solution compares employee testing data across millions of data points to assess risk at both an individual and organizational level. The system then rates employees from very poor to excellent. Those who receive a poor score are operating two standard deviations from the mean of behavior and are in the riskiest 3% of employees. In other words, they’re truly a security issue. Armed with this information, you can direct training resources to those who need it most, dramatically improve outcomes, and substantially reduce risk. A major downfall of many training programs is that they treat everyone the same. Just as there was that kid in high school who could have taught your math teacher advanced calculus, there will be people in your organization who need minimal support from a security training standpoint. Likewise, there will be individuals who require regular coaching and intervention or who, by the nature of the positions they hold (a wire transfer would be perfect, thanks), are more likely to be targeted. 0.4 0.3 0.2 0.1 0.0 34.1%13.6%2.1% -30 -20 -10 0 10 20 30 0.1% 0.1%2.1%13.6%34.1% Represents Truly Risky Behavior
  • 5. www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 5 Solution Brief GL-1852 4) Custom, Personalized Training And Other Remediation Coming Soon... The Real Ph_ing Deal With employee risk scores in hand, the question of where to focus has been answered, but the Mimecast Awareness Training platform is designed to help you answer the question of how to help as well. Based on individual employee profiles, training can be delivered with more regularity, and behaviors can be flagged so your team can provide one-to-one coaching when needed. Customized scenarios can be created to continuously assess and train high-risk employees, and system permissions can also be adjusted for those who don’t respond well to training. Try as most security teams might, it’s virtually impossible to consistently and accurately replicate the sophistication and variability of genuine cyberattacks for the purpose of testing and training employees – a factor that automatically puts your organization at a disadvantage and one that cyber criminals count on. Mimecast will soon be the only provider that can support personalized delivery of authentic but de-fanged phishing attacks for training purposes. Instead of relying on made-up phish tests or watered-down templates, Mimecast will allow you to test employees with real phishing emails in real-time and factor the results into employee risk scoring and analysis. Now THAT is ph_ing awesome. With traditional approaches, you only know how employees respond to real phishing attacks when they actually occur. This ground-breaking capability from Mimecast will soon allow you to test your users with the real deal in a completely safe environment. Think of it this way. The next time you fly, would you prefer your pilot to have received all their training in a flight simulator, or to have had some actual time behind the stick? Which would you prefer? Yep – us too. Game… Changed. Key Capabilities • Highly engaging, modern training videos created by some of the top talent in the entertainment industry • Best-practice, micro-learning approach that delivers 3 to 5 minute video-based training modules to every user monthly • Simple, intelligent, and predictive testing to measure both knowledge and sentiment • Employee and organizational risk-scoring measured against millions of industry data points • New training delivered 12 to 15 times a year to ensure content stays fresh and relevant • Easy to implement and manage phish testing, with the ability to use real-life, de-fanged phishing tests coming soon
  • 6. www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 6 Solution Brief GL-1852 Why Choose Mimecast Awareness Training? 1. The best, most engaging content in the industry – Mimecast isn’t your grandfather’s security training content. It’s different, it’s funny, and it’s effective. 2. The expertise and trust of people who know whereof they speak – Mimecast’s Awareness Training was developed by top leadership from the U.S. military, law enforcement, and intelligence community and is trusted and endorsed by people with deep knowledge of cybersecurity challenges and first-hand experience addressing them – including a former director of the FBI and a former SVP and CSO for AT&T. 3. Real-time, predictive risk scoring – Scoring is applied at both the employee and organizational level and is based on comparison with millions of industry data points. You’ll know where to focus your resources and time, so you can reduce risk and maintain the highest possible level of organizational security awareness. 4. Real-world resilience – Mimecast puts an end to “spray and pray” training by allowing you to target groups at the greatest risk with specialized and personalized training. You can make the awesomeness of the limited resources at your disposal stretch farther and have a greater impact than ever before. 5. Comprehensive cybersecurity capabilities with a single solution - Mimecast Awareness Training is fully and seamlessly integrated with Mimecast’s full suite of email security, web security, and enterprise information archiving solutions, giving you the option to deploy a single, cloud-based solution to address all your cybersecurity needs. Engage employees as an active part of your defense, instead of your biggest risk. 1 Identify your riskiest people and stop them before they make a mistake. 2 Apply limited training resources where they are needed most. 3 Three Key Steps, One Amazing Solution With Mimecast Awareness Training, You Can:
  • 7. www.mimecast.com | © 2018 Mimecast ALL RIGHTS RESERVED | 7 Solution Brief GL-1852 The Mimecast Difference Mime|OS The Mimecast Security Operations Center Mime|OS is the multi-tenant, native cloud operating system that underpins all Mimecast products, delivering an integrated solution and serving as a global immune system for thousands of customers worldwide. This unique platform delivers high performance while also driving continuous innovation so customers always have the most sophisticated, current protections in place. It provides: • Continuous threat assessments derived from 40+ third-party feeds and detection engines • Multi-layered inspection processes • Real-time blocking of malicious content • A global deployment footprint • 100% availability service levels • Simplified integration via a robust API • Enterprise-wide visibility World-class security with all the cost, confidence, and convenience of the cloud – that’s what Mime|OS delivers. The Mimecast Security Operations Center (MSOC) is staffed by security experts whose sole focus is to help you stay ahead of attackers by continuously monitoring, optimizing, and enhancing Mimecast’s solutions. The MSOC is: • Always on – Monitoring Mimecast solutions 24x7, 365 days a year • Always monitoring – Collaborating with third-parties, partnering with customers, and keeping a constant eye on the threat landscape • Always improving – Conducting research into the behavior and strategy behind attacks; driving continuous adaptation. The MSOC gives you access to the best and brightest minds in cyber-resilience, all dedicated to helping keep your business safe. “I’ve been involved with enterprise security awareness for decades, and have barely found anything as compelling and fun as the content from Mimecast. Their video approach is an amazing way to move culture, and I suspect CISOs will really like their emphasis on risk analytics as well.” William Hammersla Chairman, Utilidata Fmr CSO, Forcepoint and Fmr President, Raytheon Cyber Products Mimecast (NASDAQ: MIME) makes business email and data safer for thousands of customers with millions of employees worldwide. Founded in 2003, the company’s next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.