Intelligent CISO Issue 29 | Page 52

COVER STORY

point for bad actors to infiltrate the organisation’s IT systems. One wrong click on a malicious link or phishing email poses a colossal risk to the organisation.

Solution

Fortunately, the board clearly understood the risks of phishing attacks and gave their Chief Information Security Officer, Carl Baron, the green light to take the necessary measures to improve the company’s cybersecurity. In his plan, security awareness was made a priority. While Baron had worked with other vendors in the past, he ultimately elected to go with the services offered by KnowBe4. These include security awareness training as well as a simulated phishing platform.

Unlike many other security awareness providers, KnowBe4 stood out as the best contender because it treated SIG as a valued partner. KnowBe4 listened to every one of Baron’s concerns and tailored the ideal plan for SIG. Knowing that SIG’s employees would not respond with much enthusiasm to a repetitive course, KnowBe4 overcame this with a dynamic and inspired training plan built from multiple creative houses. It also ensured that each training module lasted no longer than 10–15 minutes, which helped to maintain employee engagement. Moreover, the content was offered in a range of languages, which complemented SIG’s multinational nature. In this way, Baron was essentially offered a buffet of choices from which he could create the most appropriate training plan for each geographical area of the business. Baron was pleasantly surprised to find that KnowBe4’s price point was very competitive.

Implementation

The implementation of KnowBe4’s training programme was as easy as Baron’s decision to take it on as SIG’s security awareness provider. It is installed as a platform from which he can prescribe various training modules to employees on a regular basis, as well as conduct simulated phishing tests on them. In addition, he receives monthly reports tracking progress among employees.
This allows Baron to demonstrate to board members, with measurable results, the improvements he has made to SIG’s overall security hygiene.

Results

The results for SIG since the implementation have been phenomenal. While the first round of tests revealed that nearly one-third of the company (32%) was prone to falling for phishing attempts, since using the platform that number has been drastically reduced to just 7%. This makes Baron’s goal to reduce the percentage to 4% this year very achievable. After all, as this percentage drops, the business undoubtedly becomes safer from cyberattacks.

Baron has also been able to prove the value derived from the platform through monthly measurements and metric reports which cite the number of people who have been trained, which specific campaigns have been completed, the number of people who have been phished as well as how many are susceptible to being phished. With these statistics, Baron can then continue to tweak and customise the content he selects for the next month’s training, all while resting assured that the multi-language content would operate easily in the respective geographical regions and respect various privacy regulations. If, however, he ran into any complications, the KnowBe4 team was quick to provide support, which Baron asserts is ‘second to none’.

We caught up with Carl Baron, CISO, SIG, to discover more about the solution and how it has provided an abundance of benefits for SIG’s operations.

How do you ensure that SIG can consistently operate with a robust cybersecurity approach?

From an awareness perspective, I have tried to move SIG away from PowerPoint-based training and the ‘click next’ approach. At the beginning of COVID, I created a beta test group for KnowBe4 content, using the Inside Man on a bi-weekly basis to provide consistent training materials that almost make employees forget that it’s training.
The response was phenomenal. The Netflix-style episodes are engaging and aren’t burdensome to complete. We really used COVID as an opportunity to train people while operations were stopped due to the pandemic, even with people on furlough, as we were still allowed to provide training. It’s not overwhelming and we can provide other training through Restricted Intelligence