Does Your Human Firewall Have Open Ports? Find Out Before the Bad Guys Do!

Dec 23, 2021

Security is the IT topic on everyone’s mind. From boards of directors to end users, and everyone in between, the cyber security threat has the potential to greatly affect us all. As everyone who works in the technology industry will know, keeping the company’s security posture high is a multi-faceted challenge for IT professionals. Implementing modern security technology and monitoring solutions is one side of the equation that IT teams need to address. But the flip side, which is equally important, is the human factor and the associated risk of social engineering that comes with each and every IT user. Not only is social engineering a large risk factor for business security, it is also fast becoming a contributing factor for Cyber Security insurance, from both an eligibility and an insurance premium perspective, with some insurance companies withdrawing cover if businesses cannot prove they conduct end-user Cyber Security awareness training programs with their staff.

Over time the bad guys have worked out that it is easier to trick people into giving out their credentials or inadvertently installing malware in the environment than it is to get around modern-day security technologies. They are therefore increasingly focusing their efforts on credible social engineering campaigns such as Phishing, and other techniques with ridiculous titles such as Vishing and Smishing. Short of disconnecting from the internet, there is only one way to counter the ever-increasing social engineering threat: implement end user awareness training and testing.

There are a few different products that specialise in Cyber Security end user awareness training, and we at Softsource vBridge have evaluated several of them as part of considering which product to endorse for our managed Cyber Security User Awareness Campaign service. Having evaluated the market in this space, we believe the best value and most comprehensive user awareness package is offered by KnowBe4. KnowBe4 combines ongoing user awareness training with simulated social engineering campaigns that help end users understand the different types of social engineering and how to spot them, and that actively test users over a sustained period of time. Outputs and metrics will be presented to IT management, so they understand where to focus their efforts in relation to targeted user training.

KnowBe4 has four levels of service, each with an increasing amount of training content, social engineering functionality and reporting ability. Customers who elect to manage the deployment and ongoing support of the user training and campaigns themselves can choose what level of the product they want to enter the service at. Conversely, if a customer prefers not to manage the solution, we at Softsource vBridge have a managed service offering, which utilizes KnowBe4 as the base product, and we will fully deploy and manage the solution on behalf of the customer. To be eligible to adopt our managed service, the customer needs to procure either the Diamond or Platinum KnowBe4 service offering, as our managed service utilizes features that are only included in these levels.

The matrix of the different levels of the product is included in the figure below.

The Softsource vBridge Security Awareness Training managed service consists of deploying the solution, development of base level testing, ongoing user awareness phishing campaigns, and reporting. The table below details the in-scope activities of our managed service:

If your company has budget for Cyber Security (which we would strongly recommend in the current climate), one of the actions at the top of the list that gives great return on investment is a robust Cyber Security user awareness campaign. I can’t emphasise enough how important it is to have end users empowered with the knowledge of how dangerous cybercrime is and to have the skill to mitigate the risk of social engineering.