Strong security defenses involve interplay between technologies, processes and people; but the strongest defensive mechanisms can be effectively compromised by an exploit of the human element. Many case studies of security breaches demonstrate how people without appropriate security awareness training are the weakest link in the security chain.
The damage and cost of a cybersecurity breach can be very substantial. An annual study, conducted by the Ponemon Institute, reveals that the average cost of a data breach in 2018 was $3.86 million globally. In the United States the problem is even more acute with an average cost of $7.35 million in 2017, a 5% increase compared to the previous year.
Cybersecurity breach costs can include:
- Direct financial loss
- Loss of customers
- Breached client records, identity repair, and credit monitoring
- Notification and public relations costs
- Legal fees and regulatory fines
- Cleanup costs and business disruption
The purpose of security awareness training is to give direction on how to protect corporate information and assets in such a way that they are readily available to legitimate users. An investment in security awareness training can be recovered many times over by preventing even one serious security breach. The benefits of this offering include:
How does it work?
Intellect Security uses Intellectmap's patented expert system technology called mapped intelligence to identify security awareness training requirements in the following areas:
- Information classification and protection
- Threat identification
- Physical access
- Server hardening and minimizing
- Firewalls
- Virus detection
- Intrusion detection
- Centralized reporting and analysis
- Vulnerability research
- Security penetration/profiling exercises
- Incident response
- Account management
- Passwords
- Email
- Web browsers
- Web servers, FTP servers and extranets
- Virtual private networks and remote access
- Availability
- Mirror development sites
- Privacy regulation compliance
Social Engineering Testing
Social engineering is the technique of using psychological manipulation to trick people into doing some action that will be to the attackers’ benefit. Social engineering also involves physical access probes designed to gain unauthorized access to a target facility. All corporate personnel and executives should experience benign social engineering testing in order to augment their security awareness training and develop their risk leadership capacities. The aim and “rules” for social engineering testing should be explicitly designed for specific learning objectives both for individuals who experience the testing, and for the organization that can benefit as a whole from the lessons learned. Social engineering tests should never result in the embarrassment of an individual, or the results used by management in any punitive manner that could negatively affect the employee.
Following our training, we may conduct virtual or physical social engineering tests to gauge the awareness of employees. Social engineering tests can involve sending a personalized email spoofing a trusted address (“spear phishing”) that is designed to get the target to download a file with hidden “malware”; a spoofed phone call from a supposed “IT service provider” seeking to elicit password and log-in information; or an attempt to enter facilities while posing as a supposed "delivery person".
