Corona Time, is Phishing Time

Corona Time, is Phishing Time

When you open the newspaper, turn on the TV or radio, you hear at least once about Corona and the current pandemic. So it is almost impossible to avoid this topic unless you are on a desert island with no connection to the outside world.

Since this topic is on everyone’s lips and it is natural to read and be informed about it on a daily basis, it is also a feast for the cyber criminals. Through targeted phishing attacks that come incorrectly from the World Health Organization or from other senders who are more in focus these days, such as Amazon or DHL, are currently the best door openers for hackers to outsmart companies or their employees in order to turn out extreme money to promote. Because the criminals are well aware that the next salary is just a click away.

But what can you do about it? Of course, companies take the most diverse measures to reduce the risk to 0% as much as possible, but you will never achieve this value. Why this is so is relatively easy to answer, because most attacks take place through the greatest vulnerability, namely humans. Machines are not as easy to get around as humans.

It is therefore essential to train the employees of his company and to draw attention to the fact that such phishing attacks are in circulation. Not an easy task, considering that this is just one component of many that IT security officers have to dedicate.

Classically, employees are trained through annual or semi-annual training in the form of web-based training or face-to-face training. While this is not the best method out there, it is still better than not to train, which is what many companies do.

The big problem with these rare trainings, which take place once or twice a year, is as with any schooling / training that doesn’t take place continuously. The knowledge imparted simply disappears over time. The forgetting curve of Prof. Ebbinghaus shows that after 20 minutes only 60% of the recorded text can be called up. After 60 minutes, the forgetting curve increases, so that the call quantity is 45% and after 24 hours it is 34%. After 6 days, the forgetting curve comes to 23%. Only 15% of the texts learned remain saved.

It is therefore absolutely necessary to train your employees permanently in order to equalize the effect of Ebbinghaus. But you should also find a good middle ground here and not overdo it. In our experience, one training session per month is sufficient for every employee to achieve a higher residence.

In addition, the training should take place directly at the workplace, for two reasons:

Sending your employees in training costs you money on the one hand for trainers, preparation, rooms, etc. On the other hand, your employees cannot do their daily business during this training period, which in turn entails high costs.

Practical relevance:
Phishing attacks occur directly at the workplace and not in a training room. It is about getting the employees into practice right away. It could be compared to obtaining a driver’s license. Imagine learning days and weeks for your theoretical driver’s license exam and (in theory) knowing everything that goes with traffic signs, mechanics of the car, traffic rules, etc. This is fantastic when you have built up all of the knowledge, but it is now about putting it into practice. This means that if you are the best theorist, you will find it of very little use if you are in a car for the first time because you have never driven before. You only learn to drive a car by driving yourself. Just like with all other things. You only know how to deal with certain topics if you have both theory and practical experience. Therefore, it is incredibly important that you train your employees on the scene and thus establish the practical relevance.

If all of this sounds logical to you, you have already made good progress in building a human firewall that can ward off all attacks in the future. But that all sounds like a lot of effort. And you are absolutely right. Training employees permanently with current topics or simulations is extremely complex. Especially when you are responsible for 300 (no upper limits) employees for the whole company. Because it is not only enough to train employees permanently and in a practice-oriented manner, your employees must also have the right learning content at the right time. Filtering that out is almost impossible for the homosapiens.

We would like to give you a solution on the way that can relieve you of all these decisions and trainings. It is a young and very dynamic company from Israel, the heart of security solutions on our beautiful planet. Cybeready has developed a solution that lets you do all the work on the above. Points decreases 100%. The machine decides which learning content is sent to which employee and when. In addition, reports are created automatically after each campaign. So you have no more effort. The only thing you have to do is download the report with a click and present it to the board, that’s it!

There is an artificial intelligence behind this solution that always adapts to the learning curve of the individual employee. In addition, trainings are sent at least 12 times a year, directly at the workplace. The trainings last a maximum of 2 minutes and are also entertaining and motivating.

In the background, a large and worldwide team is always working on configuring the latest attacks so that they are always at the cutting edge. What is more, every simulation is available in 36 languages, which ensures that your employees receive the training in their mother tongue.

To learn more about this unique solution, contact us today! Or visit our page that explains the solution. Product page