As a consequence of the ever-increasing cyber threats to businesses of all sizes and economies globally, we are also living in a world of ever-increasing legislation. This legislation is aimed at holding companies and government institutions to account so that they do a better job of protecting company and personal data, their systems and their computer networks from the risk of being breached. GDPR in Europe and the PoPi Act in South Africa are recent examples that include specific requirements for companies to conduct Staff Security Awareness Training and Mock Phishing campaigns on a regular basis. To help companies meet and demonstrate their legal and regulatory compliance, Cyber Risk Aware provides both canned and self-service reporting using PowerBI. Each company can very quickly produce reports that show auditors and internal management how much training has been delivered, how effective it has been over time and where the risk is more pronounced owing to a lack of staff awareness.
The reports and data are exportable, providing deep analysis of failures or lack of awareness at a country, office, department or user level. With such detailed analysis, you can focus on the security topics and parts of the business that require the closest attention based on the role they perform for the company, the data they process or the monetary funds they have access to. Risk-based decision-making is critical to reducing security risks across the whole of the company. Senior Management get the insight they need to demonstrate the ROI on their investment in training whilst also measuring and tracking security compliance in order to achieve a “meet requirements” result in an internal audit or an external review such as ISO 27001, NIST, Cyber Essentials, GDPR, UK Data Protection, Irish Data Protection, South African Data Protection, HIPAA, NYDFS or the PoPi Act, to name but a few.
Often, after a company has run an internal phishing test and measured how weak or strong its staff are at spotting a phishing email, the first thing that the team running the test wishes to do is share the results. Given the high probability that over 30% and typically up to 70% of staff will fail the initial test, once the report has been prepared and shared with senior execs in order to ask for more budget, the first question that a senior executive will ask is “That's great, but how do we compare with our peers? Are we worse, better or average?”
Up until now, that has not been an easy question to answer. We at Cyber Risk Aware, based on our very own CEO’s experience as a CISO, have created a facility where you can easily and very quickly answer this question using our “Industry Phish Prone Benchmark” report, and really impress at your next meeting by being one step ahead of the question.
"Our IT Security Team have seen a significant reduction in requests from employees checking if an email is something legitimate or spam/fraud as they are now more aware."
"The deployment was very quick and our IT department were extremely impressed with the fact it was non-intrusive and simple to deploy. The ability to generate personalised phishing emails was simple and very effective. I can highly recommend the service."