The Persistence of Human Error
When successful cyberattacks are analyzed, they typically have one thing in common – some user, somewhere, did something that could have been avoided. Despite the most advanced protection and best threat intelligence, most organizations remain vulnerable because of one key factor: human error.
By now, we’re all well acquainted with the troubling statistics that back this up. Research indicates that 85% of breaches involve a human element. Phishing alone is present in 36% of breaches.1 Ultimately,
the average successful data breach will burden organizations with over four million dollars in remediation costs.2
What makes people such an easy target for
cyberattacks? In short, it’s the tendency of humans
to be just that – human. Our mistakes are often
innocent and avoidable, caused by either a lack of
knowledge, lack of attention, or lack of concern.
But people aren’t just the weakest link in the chain,
they’re also one of your organization’s most valued
assets. The need to protect our employees has
never been greater.
Ineffective Training, a Losing Bet
Unfortunately, the security industry is inundated with training providers who do little to engage or inspire your employees. There’s a tendency to trivialize this kind of training. But the damage it causes is real.
Ineffective training assigned half-heartedly in the spirit of “checking a box” is a guaranteed losing bet. When employees are not equipped with the right tools – knowing what to look for or what to do when a threat arises – it’s only a matter of time before a mistake is made.
What’s more, this kind of training often relies on
fear to drive results. That might work for a time,
but eventually people become desensitized and
unresponsive to this approach. Is that really the
best way? Not in our view.
Cybersecurity for Humans
Mimecast helps companies protect their employees, intellectual property, customer data, and brand reputations by providing comprehensive, cloud-based security and compliance solutions that mitigate risk and reduce the cost and complexity of creating a cyber-resilient organization.
Our Awareness Training platform equips security leaders to counteract and reduce the risk of human error across their organization, targeting risky behavior and transforming employees into an active part of defense, by:
-
Providing the best, most engaging content in the industry – People don’t just ‘like’ our training – they love it. We drive engagement and results that are difficult to match.
-
Deploying training persistently, but not intrusively – Our content develops the highest level of organizational security awareness in under three minutes a month, a fair request of your busy employees.
• Fostering empowerment – We help build a human firewall by giving all employees a stronger sense
of individual empowerment for protecting the organization.
• Leveraging the power of integrated email
security – Human error is the primary driver of
email security incidents. Mimecast reveals true
email security posture by tying together real-world
user behavior and Awareness Training performance
to effectively mitigate the risk of phishing.
Welcome Continuous Risk Reduction
Mimecast Awareness Training drives behavior
change and risk reduction through a holistic
and continuous cycle of security awareness
programming. To ensure a lasting and positive
shift in company security culture, we focus on
four key areas.
1) Engaging Training
Mimecast Awareness Training delivers exceptionally engaging, video-based training modules – developed by professionals from the TV and film industry. These modules take a best practice, micro-learning approach, driving learning retention in short, digestible blocks. The best part? Employees don’t dread our content. They look forward to it.
Engagement and entertainment are core to our training strategy. We take complex topics and make them fun and understandable – from ransomware, phishing, and impersonation fraud to regulations and privacy rules.
Training with Mimecast is continuous, providing memorable and comprehensive learning to all users on a monthly basis. Every year, we create over 20 new modules across security topics to keep content fresh for your audience.
2) Real-World Assessment
Key to the success of any training initiative are the tools used to measure progress. For awareness training to have a tangible impact, it needs to be more than a box-checking exercise. That’s why Mimecast tracks indicators that inform real, root causes of people-driven risk, including sentiment, engagement, knowledge, and human error.
Sentiment
Before training even begins, and every
subsequent six months, we establish a security
sentiment baseline by asking every user how
seriously they view threats and their overall
level of security concern.
Engagement
Real-World Assessment
Change Behavior, Reduce Risk
Engagement reveals your employee’s relationship to Awareness Training by reporting any risk based on outstanding modules, how quickly a user responded to assigned training, and if the user followed the module through to completion.
Knowledge
Each module concludes with a single question that gets straight to the heart of the lesson at hand, an exercise that has a massive impact on information retention and overall awareness.
Human Error
An employee clicking a malicious link could be one of the costliest behaviors facing your organization. Fortunately, simulated phishing is a simple and effective solution for pinpointing risky behavior, raising threat awareness, and reducing your entire organization’s tendency to click unfamiliar links.
We deliver especially impactful simulated
phishing exercises with SAFE Phish. Through
integration with Mimecast Email Security, SAFE
Phish safely converts known phishing attacks
targeting your very own users into ready-made
simulations. This empowers you to dynamically
simulate your organization’s own threat landscape
with de-weaponized attacks from the wild,
transforming a threat actor’s worst intentions
into a powerful teachable moment for your users.
And if you’re interested in crafting your own
phishing simulations, we’ve got you covered. Our
Awareness Training platform enables you to easily
customize a simulation or choose from a library of
prebuilt templates.
3) Comprehensive Risk Scoring
A major limitation of many training programs is the “one-size-fits-all” approach. No two employees
are the same. There are some people in your organization who have a knack for spotting attacker
techniques. Others, not so much. Based on role and varying levels of access and responsibility, everybody
tells a different risk story. Your awareness training should reflect this reality and raise actionable risk
insights accordingly.
SAFE Score
A best-in-class security awareness solution should also put your valued data to work for you. With Mimecast SAFE Score’s predictive modeling capabilities, we do just that. SAFE Score leverages our unique ability to analyze real-world click behavior observed through Mimecast Email Security and your users’ interaction with the Awareness Training platform (measured by Sentiment, Engagement, Knowledge, and Human Behavior).
0.4
0.3 Represents Truly Risky
Behavior
0.2 0.1% 2.1% 13.6% 34.1% 34.1% 13.6% 2.1% 0.1% 0.1
With millions of data points, the SAFE Score algorithm identifies the riskiest components of your organization. We assign easily discernable letter grades ranging from A-F at both the individual and organizational level. This output provides a simple classification for employee risk based on one’s deviation from the average level of risk. Naturally, the riskiest 3% of employees in your organization represent a very real
security concern.
4) Targeted Remediation
With employee SAFE Scores in hand, the question
of where to focus your efforts is answered. By
directing training to those who need it most, you
can dramatically improve outcomes and substantially reduce risk. This kind of targeted, remedial training
is critical to the Awareness Training feedback loop.
Keen attention in this area serves as one of the primary drivers of Mimecast Awareness Training program
strategy. For example, your organization’s risk scores might justify more frequent training for specific
users or groups. Your findings could also prompt specialized one-on-one coaching for highly targeted
VIP users, or you might reconsider policies and system permissions altogether for high-risk users with
privileged access.
Why choose Mimecast Awareness Training?
• The best, most engaging content in
the industry. Mimecast isn’t your same old
security training content. It’s different, it’s
funny, and it’s effective.
• Real-time, predictive risk scoring.
Fully integrated with Mimecast Email Security,
Awareness Training delivers actionable insights
from the top attack vector. Our predictive
scoring is applied at both the employee and
organizational level and is informed by millions
of behavioral data points. You’ll know where
to focus your resources and time, so you can
reduce risk and maintain the highest possible
level of organizational security awareness.
• Real-world resilience. Mimecast puts an end to “spray and pray” training by equipping you to target at-risk employees and teams with specialized and personalized training. Ready your employees against real phishing attacks targeting your organization with our SAFE Phish integration.
• Comprehensive cybersecurity capabilities
with a single solution. Mimecast Awareness
Training is fully and seamlessly integrated
with Mimecast’s full suite of security solutions,
giving you the option to deploy a single, cloud-
based solution to address a broad range of
cybersecurity needs.
Key Capabilities
-
Highly engaging and relevant training videos created by professionals from the entertainment industry
-
Best-practice, micro-learning approach that delivers digestible content to all users every month
-
Easy-to-use assessment tools, intelligent risk scoring capabilities, and millions of industry data points converge to track organizational progress
-
20+ new video modules a year to ensure content stays fresh and relevant
-
Real-life, de-weaponized simulated phishing exercises enable you to target and remediate organizational risk
