‘Serial Clickers’ are putting your organization at risk, can they be ‘cured’?
Approximately 90% of enterprises have been hit by a cyberattack, with 96% of all data breaches starting with a phishing email. These numbers remind us of the role employees play in keeping the organization safe, while also keeping many executives up at night.
Every organization has employees who are “quick on the trigger” – their reaction to phishing emails is uninhibited, mostly due to a lack of proper education about the risks of phishing attacks and adequate training on how to identify them. CybeReady categorizes those employees who are the most prone to fall prey to the next phishing attack as “Serial Clickers” – or “High Risk Group”.
A recent CybeReady study with over 100 enterprise customers showed that Serial Clickers represented over 20% of employees when they first started using our training platform. Sounds scary, right?
Our Solution – A Scientific Approach to Mitigating Human Errors
The good news is that a proper “rehab” program can not only “cure” most Serial Clickers but can turn them into cybersecurity champions. CybeReady’s machine learning powered platform implements an adaptive, personalized, engaging and continuous learning approach, which eliminates the risky behavior.
How does it work? Our continuous training methodology generates enough accurate data points to distinguish users who randomly click on phishing simulation emails from those ‘Serial Clickers’ who demonstrate consecutive failures and require special attention. Once we are able to classify behavior into risk groups, we can train each group based on its place on the learning curve, and reduce the overall risk.
This is achieved by utilizing the following:
- Just-in-Time Learning – CybeReady’s training methodology utilizes the “golden moment” across the organization – a learning page that pops up when clicking on a malicious email immediately highlights the ‘red flags’ employees failed to notice – all via a simple, engaging, localized content.
- Timely Reminders – In addition to the immediate training experience, Serial Clickers are sent timely reminders to reinforce the learning and modify their click habits.
- Adaptive Difficulty Level – Phishing Email difficulty factors are key in the employee learning experience – when a simulation is being selected for a specific employee, their past performance is calculated to determine which simulation they should receive next. This technique has special significance when dealing with the Serial Clickers group.
- Adjusted Learning Frequency – Serial Clickers will receive more frequent phishing simulation emails for as long as they are categorized as part of the “high risk” group. Once they show improvement, they will be put back on the routine monthly training regimen.
Back to CybeReady’s customer study – remember those 20% Serial Clickers? If we look closely at our data, we can see that after just 12 monthly campaigns, results were astonishing: four out of every five Serial Clickers had converted into “high performing” (low risk) employees. This is equivalent to a decrease of 83% in the Serial Clickers group.
Identifying the ‘high risk’ group without delay and automatically delivering timely training is key in changing the group’s behavior. When training large scale enterprises – even with a large dedicated team – the amount of data involved in properly analysing and categorizing each employee and then providing the necessary personalized training, is simply more than the human brain can handle.
CybeReady’s autonomous training platform does it all. For your organization, working with CybeReady means turning Serial Clickers into high-performing employees and reducing the overall organizational risk via a significant and consistent change in employee behavior towards phishing attacks.