said their employees are held accountable for cyber security [2]
is the root cause of most data breaches [3]
of organisations face phishing and social engineering attacks [5]
experienced phishing and social engineering attacks last year [6]
Depending on where your customers are, getting hit with a cyber attack can lead to regulatory consequences in the EU, the State of California or Singapore. In the last few years, regulatory measures have been implemented to protect personal data, such as the GDPR (General Data Protection Regulation), the CCPA (California Consumer Privacy Act) and the PDPA (Personal Data Protection Act) in Singapore. If you are found to have leaked consumer data, you can be held liable even if you did not do it intentionally.
Knowing the details of the GDPR, CCPA and PDPA as well as training your staff to spot phishing or social engineering attacks can save you from paying harsh penalties.
In Singapore, organisations that breach the PDPA may be ordered to stop collecting, using or disclosing the compromised personal data, to destroy collected data, and possibly to pay up to $1 million in fines [7].
According to Ponemon’s Ninth Annual Cost of Cybercrime Study, the first step to unlocking cyber security value is to invest in employee education, as people are the weakest link in cyber security. All employees should be trained because all it takes for a company to suffer from a cyber attack is one credential leak.
In a world where just about everything is now online and accessible, teaching employees how to have good cyber hygiene is critical to business continuity and stable operation against cyber threats.
[1], [2], [4], [5] Ponemon’s Ninth Annual Cost of Cybercrime Study, 2019
[3], [6] Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, October 2019
[7] PDPA – Enforcement of the Act: https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Enforcement-of-the-Act
Phishing and social engineering are problems that are not going away anytime soon. Companies should begin implementing regular, routine training programs for employees to reinforce their skills to detect and avoid interaction with these scams. Doing this training once will not cut it. Cyber security awareness training should be done regularly to see trends of improvement or stagnation amongst employees. Without repeated training, there is no way to identify if the problem is getting better or worse.
The more similar the test is to a real phishing attack, the better. Cyber criminals put in extra effort to entice employees to open their phishing emails, so training should mimic the social engineering behaviours they use. Those creating the phishing training for employees should evaluate phishing email scams they have seen before and investigate the commonalities in them. Find out what emails your employees are interacting with and engage them with a similar email through phishing simulators.
Phisherman Alert! is our in-house phishing campaign developed to test employees’ susceptibility to Business Email Compromise (BEC) scams and aims to cultivate good cyber hygiene among employees to combat data breaches. The campaign offers a first-hand realistic spear phishing email experience to test your employees’ behaviour, review their skills, and repeat this process to continually improve your employees’ readiness to combat the latest phishing threats.
An effective test involves a realistic first-hand spear phishing campaign. We achieve this by offering various templates and customisations to craft emails that are related to your organisation’s functions and needs, creating a simulated and authentic phishing experience.
We compile data from the simulated phishing campaign and deliver a report which details the number of employees who fall for the phishing attempt and more. This report helps you to implement targeted training strategies to educate your employees and improve their behaviour, serving as evidence of their cyber security awareness.
To truly create a culture of security, employees have to be repeatedly tested and evaluated for continual improvement. We offer the option to re-engage Phisherman Alert! for regular testing, and we also provide supplementary training to strengthen your employees’ readiness in combating the latest phishing threats.
An organisation’s employees are its first line of defence against cyber threats such as phishing. They are the ones who have the most direct access to company data and systems. As such, they are in a unique position to unwittingly expose the company to risk.
However, simply telling employees to be on the lookout for suspicious emails is not enough. Phishing simulators like our Phisherman Alert! campaign can provide a hands-on way for employees to better understand how these scams work and how to avoid them in the future. You can then provide additional training to improve their cyber security awareness. Through frequent training, businesses can help to protect themselves from potentially devastating attacks.
In today’s increasingly connected world, cyber security is more important than ever. At CSIntelligence, we take a holistic approach to helping businesses build their cyber resiliency through our Phisherman Alert! campaign. This service is just one part of our commitment to safeguard organisations of all sizes in the ever-changing digital landscape. Apart from increasing cyber security awareness through phishing simulators, you can also reach out to CSIntelligence for Endpoint Detection and Response, web application pentesting, forensic IT services and more solutions.
Contact us today to learn more about how we can help you bolster your defences against cyber attacks, starting with effective phishing training for employees.
+65 977 24 999
CS Rescue
298 Tiong Bahru Road
#12-03 Central Plaza
Singapore 168730