said their employees are held accountable for cyber security [2]
is the root cause of most data breaches [3]
of organisations face phishing and social engineering attacks [5]
experienced phishing and social engineering attacks last year [6]
Depending on where your customers are, getting hit with a cyber attack can lead to regulatory consequences in the EU, the State of California or Singapore. In the last few years, regulatory measures have been implemented to protect personal data, such as the GDPR (General Data Protection Regulation), the CCPA (California Consumer Privacy Act) and the PDPA (Personal Data Protection Act) in Singapore. If you are found to have leaked consumer data, you can be held liable even if you did not do it intentionally.
Knowing the details of the GDPR, CCPA and PDPA as well as training your staff to spot phishing or social engineering attacks can save you from paying harsh penalties.
In Singapore, organisations that breach the PDPA may be ordered to stop collecting, using or disclosing the compromised personal data, to destroy collected data, and possibly to pay up to $1 million in fines [7].
According to Ponemon’s Ninth Annual Cost of Cybercrime Study, the first step to unlocking cyber security value is to invest in employee education, as people are the weakest link in cyber security. All employees should be trained, because all it takes for a company to suffer from a cyber attack is one credential leak.
In a world where just about everything is now online and accessible, teaching employees how to have good cyber hygiene is critical to business continuity and stable operation against cyber threats.
[1, 2, 4, 5] Ponemon’s Ninth Annual Cost of Cybercrime Study, 2019
[3, 6] Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, October 2019
[7] PDPA – Enforcement of the Act, https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Enforcement-of-the-Act
Phishing and social engineering are problems that are not going away anytime soon. Companies should begin implementing regular, routine training programs to reinforce skills for detecting and avoiding interaction with these scams. Doing this training once will not cut it. Training should be done regularly to see trends of improvement or stagnation amongst employees. Without repeated training, there is no way to identify if the problem is getting better or worse.
The more similar the test is to a real phishing attack, the better. Cyber criminals put in extra effort to entice employees to open their phishing emails, so training should mimic the social engineering behaviours used by cyber criminals. Those creating the phishing training should evaluate phishing email scams they have seen before and investigate the commonalities in them. Find out what emails your employees are interacting with and engage them with a similar email.
Phisherman Alert! is our in-house phishing campaign, developed to test employees’ susceptibility to Business Email Compromise (BEC) scams and to cultivate good cyber hygiene among employees to combat data breaches. The campaign offers a realistic, first-hand spear phishing email experience that lets you test your employees’ behaviour, review their skills, and repeat the process to continually improve their readiness to combat the latest phishing threats.
An effective test involves a realistic first-hand spear phishing campaign. We achieve this by offering various templates and customisations to craft emails that are related to your organisation’s functions and needs, creating a simulated and authentic phishing experience.
We compile data from the simulated phishing campaign and deliver a report which details the number of employees who fall for the phishing attempt and more. This report helps you to implement targeted strategies to educate your employees and improve their behaviour, serving as evidence of their cyber security awareness.
To truly create a culture of security, employees have to be repeatedly tested and evaluated for continual improvement. We offer the option to re-engage Phisherman Alert! for regular testing, and we also provide supplementary training to strengthen your employees’ readiness in combating the latest phishing threats.