COVER STORY
point for bad actors to infiltrate the
organisation’s IT systems. One wrong
click on a malicious link or phishing email
poses a colossal risk to the organisation.
Solution
Fortunately, the board clearly
understood the risks of phishing attacks
and gave their Chief Information Security
Officer, Carl Baron, the green light to
take the necessary measures to improve
the company’s cybersecurity. In his
plan, security awareness was made a
priority. While Baron had worked with
other vendors in the past, he ultimately
elected to go with the services offered
by KnowBe4. This includes security
awareness training as well as a
simulated phishing platform.
Unlike many other security awareness
providers, KnowBe4 stood out as the
best contender because it treated SIG
as a valued partner. KnowBe4 listened
to every one of Baron’s concerns and
tailored the ideal plan for SIG.
Knowing that SIG’s employees would
not respond with much enthusiasm
to a repetitive course, KnowBe4
overcame this with a dynamic and
inspired training plan built from multiple
creative houses. It also ensured that
each training module lasted no longer
than 10–15 minutes, which helped
to maintain employee engagement.
Moreover, the content was offered in a
range of languages which complemented
SIG’s multinational nature. In this way,
Baron was essentially offered a buffet
of choices which he could choose from
to create the most appropriate training
plan for each geographical area of
the business. Baron was pleasantly
surprised to find that KnowBe4’s price
point was very competitive.
Implementation
The implementation of KnowBe4’s
training programme was as easy
as Baron’s decision to take it on as
SIG’s security awareness provider. It
is installed as a platform from which
he can prescribe various training
modules to employees on a regular
basis, as well as conduct simulated
phishing tests on them. In addition,
he receives monthly reports tracking
progress among employees. This
allows Baron to demonstrate to board
members, with measurable results, the
improvements he has made to SIG’s
overall security hygiene.
Results
The results for SIG since the
implementation have been phenomenal.
While the first round of tests revealed
that nearly one-third of the company
(32%) was prone to falling for phishing
attempts, since using the platform
that number has been drastically
reduced to just 7%. This makes
Baron’s goal to reduce the percentage
to 4% this year very achievable. After
all, as this percentage drops, the
business undoubtedly becomes
safer from cyberattacks.
Baron has also been able to prove the
value derived from the platform through
monthly measurements and metric
reports which cite the number of people
who have been trained, which specific
campaigns have been completed,
the number of people who have been
phished as well as how many are
susceptible to being phished.
With these statistics, Baron can then
continue to tweak and customise the
content he selects for the next month’s
training, all while resting assured that the
multi-language content would operate
easily in the respective geographical
regions and respect various privacy
regulations. If, however, he ran into any
complications, the KnowBe4 team was
quick to provide support, which Baron
asserts is ‘second to none’.
We caught up with Carl Baron, CISO,
SIG, to discover more about the solution
and how it has provided an abundance of
benefits for SIG’s operations.
How do you ensure that SIG
can consistently operate with a
robust cybersecurity approach?
From an awareness perspective, I
have tried to move SIG away from
PowerPoint-based training and the
‘click next’ approach. At the beginning
of COVID, I created a beta test group
for KnowBe4 content, using the Inside
Man on a bi-weekly basis to provide
consistent training materials that almost
make employees forget that it’s training.
The response was phenomenal. The
Netflix-style episodes are engaging and
aren’t burdensome to complete. We
really used COVID as an opportunity
to train people while operations were
stopped due to the pandemic, even
with people on furlough, as we were
still allowed to provide training. It’s not
overwhelming and we can provide other
training through Restricted Intelligence
52 Issue 29 | www.intelligentciso.com