Anti-phishing and security specialist Wombat Security Technologies announced the launch of its Social Engineering training module to defend against social engineering threats, including spear phishing and social media-based attacks.
The training module is the latest module available in Wombat's Security Training Platform that helps companies foster a people-centric security culture and provide security officers with education tools, including the ability to stage mock attacks on employees for the purposes of training, and provide library of training modules to educate and reinforce concepts.
The training explains the psychology behind social attacks and gives practical tips for recognizing and avoiding them. Commonly defined as the art of exploiting human psychology to gain access to buildings, systems or data, Wombat said social engineering is evolving so rapidly that technology solutions, security policies and operational procedures alone cannot protect critical resources.
"Based on the sheer volume and creativity of attacks waged against unsuspecting and under-educated employees, it is clear that something must be done to shore up this gaping hole in corporate defenses," Wombat Security President and CEO Joe Ferrara said in a statement. "Maintaining the status quo is no longer a sustainable option, as organizations cannot afford to spend increasing amounts of time, money and resources responding to these types of cyber-attacks."
The module allows security officers to take a baseline assessment of employee understanding, help employees understand why their security discretion is vital to corporate health, create a targeted training program that addresses the most risky employees and/or prevalent behaviors first, empower employees to recognize potential threats and independently make correct security decisions and improve knowledge retention with short interactive training sessions.
A recent Check Point-sponsored survey revealed that 43 percent of the IT professionals surveyed said they had been targeted by social engineering schemes. The survey also found that new employees are the most susceptible to attacks, with 60 percent citing recent hires as being at “high risk” for social engineering, and only 16 percent were confident they had not been targeted by social engineering, while 41 percent were not aware if they had been attacked.
The survey also found just 26 percent of respondents do ongoing training and 34 percent do not currently make any attempt to educate employees, although 19 percent said they have plans to. When asked to rate their level of awareness of the potential security threat of social engineering attacks, IT professionals reported a high degree of awareness (86 percent), with 39 percent describing themselves as aware and 47 percent as highly aware.
"Wombat helps companies promote a people-centric security culture that provides ongoing training to consistently inform employees about the latest security threats. Fighting attacks against the human mind requires behavioral changes more than technology defenses," Ferrara said. "We recommend a combined approach of simulated social engineering attacks coupled with interactive training modules to deliver the best result. Incorporating our continuous training methodology can be the difference between a five-alarm data breach and a quiet night at the office."