Every security leader faces the same conundrum: even as they increase their investment in sophisticated security orchestration, cybercrime continues to rise. Often security seems to be a race between effective technology and clever attack methodologies. Yet there’s an overlooked layer that can radically reduce an organization’s vulnerability: security awareness training and frequent simulated social engineering testing.
According to Verizon’s 2018 Data Breach Investigation Report, 93% of data breaches are linked to phishing and other social engineering incidents. These criminals successfully evade an organization’s security controls by using clever phishing and social engineering tactics that often rely on employee naivete. Emails, phone calls and other outreach methods are designed to persuade staff to take steps that provide criminals with access to company data and funds.
Each organization’s employee susceptibility to these phishing attacks is known as their Phish-prone™ percentage (PPP). By translating their risk into measurable terms, leaders can quantify their breach likelihood and adopt training that reduces their human attack surface.
