Deploying a Security Awareness Training Programme for Cyber Security – Case Study
Key Takeaways
⇨ Implementing the KnowBe4 security awareness platform reduced phishing attacks from 18% to 4.5% in one year.
⇨ Turnkey Consulting provided a cost-effective and scalable solution through continuous, automated training campaigns and phishing simulations.
⇨ The use of practical, hands-on training methods significantly improved employee engagement and awareness in recognizing and reporting phishing attempts.
A cyber threat intelligence assessment carried out by Turnkey Consulting had identified a risk to the customer’s operations from external threats. The risk of phishing would have a devastating impact on the organisation’s service supply chains, attacking the organisation via employees’ emails. Once phishing occurs, the employee has a choice to either avoid or report the incident. It was therefore critical to provide the right training to staff to be able to identify phishing attacks. A targeted staff training needs analysis together with automated campaigns were required to safeguard the business and its systems.
The client did not have the time or resources to undertake security training or the ability to respond to the fast-paced and changing threat environment, where no subject was off limits to vulnerability exploitation attempts. It could not justify hiring an additional FTE for a security awareness function that might result in irregular workload. On top of this, the organisation lacked the governance and understanding around how a security awareness programme framework should be structured and managed.
As a professional services organisation with multiple blue-chip clients, the organisation is integrated in its own customers’ landscapes and therefore needs to uphold the very best security standards to build and maintain trust. It is essential that the organisation trains all of its staff in security, implementing the right user behaviour and driving a more cyber-aware culture.
Explore related questions