Jobs
20 hour project - Education
- Creating Webpage
- 5 hours
- Plan and Interview
- Timeline
- 20 hours
- 5 hours - Plan 6/3 - morning
- Folder created 7.2.6.1
- Assets/images
- Public
- Webclient
- 5 hours - Do
- 5 hours - Check
- 5 hours - Adjust
- Create folder
- Listening practice content
- Voice menu content - recorded 1 minute
- Text content
- Speaking practice content
- Voice menu content - recording 5 minutes
- Text content
- Reading content
- Voice menu content - recording 1 minute
- Text content
- Picture Description
- 30 min
- Games
- Listening practice - 1 min speech
- Speaking Practice
- Picture Description - Pick animal A or animal B
- Reading Practice
- Q & A
- How many problems - 5 problems
- Text
- Images
- Video
- Audio
- Creating voice menu
- Creating user path
Create 6 pages
- Front page 1
- Voice menu pages (5)
DNS Dumpster
5 Jobs per Day
Decommissioning
EoL Projects
Work and Home
Audit
How much time do you have for security?
How much time do you think is necessary?
Meeting Setup and Purpose
To improve security awareness for members of an organization
Behavior audit
What do you want your security to be? What’s your goal?
I want to be safer, but I think the odds of getting hacked are low
I think my risk is high because of my job
I think my risk is medium because I use my work computer for personal tasks as well as work.
What do you want your organization’s risk to be? What’s your goal?
Part-time role
Security as a Service
Goal is to improve online safety and reduce risk and impact of a cyber incident by preparing in advance through planning and research.
Asset Inventory
- Settings Check
- Home PC
- Online accounts
- Mobile
- Personal/Family
- Physical
- Personal / Family
- Network
- Time
- Behavior
Check trackers - CCleaner
Security and Risk
For Security & Risk Professionals
https://reprints.forrester.com/#/assets/2/1794/RES150755/reports
In our 23-criterion evaluation of security awareness and training (SA&T) providers, we identified the 12 most significant ones — Cofense, CybSafe, Elevate Security, Infosec, Inspired eLearning, Kaspersky, KnowBe4, MediaPRO, Mimecast, PhishLabs, Proofpoint, and Webroot — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals select the right one for their needs.
| Company | US URL | Japan URL |
| --- | --- | --- |
| Cofense | https://cofense.com | https://cofense.com/japan/ |
| CybSafe | https://www.cybsafe.com/ | |
| Elevate Security | https://elevatesecurity.com/ | |
| Infosec Institute | https://www.infosecinstitute.com/ | |
| Inspired eLearning | https://inspiredelearning.com/ | |
| KnowBe4 | https://www.knowbe4.com/ | |
Behavior And Culture Change And Global, Positive Content Are Key Differentiators
As traditional training becomes less effective by alienating users and as personal cybersafety becomes critical, S&R pros seek solutions that focus on behavior and culture change, global support and localization, and positive, hopeful content. Vendors providing these capabilities position themselves to deliver unique, engaging experiences to customers, ingraining good cybersafety behavior in users' personal and professional lives.
BEHAVIOR AND CULTURE REIGN SUPREME OVER AWARENESS AND PUNISHMENT
The security awareness and training market is full of legacy vendors whose offerings are out of date and out of touch with users. Vendors have done a remarkable job of training users to understand security risks by enriching their solutions with extensive content libraries, administrative features, and assessments measuring all manner of user failures. However, CISOs now recognize that this tight focus on creating awareness falls short at changing long-lasting behavior. Organizations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cybersafety and that of their employer. Successful vendors help CISOs create and foster a good security culture, making security part of the vision and values of everyone in the organization.
But truly changing behavior and fostering a security culture requires extensive psychological research, behavioral science, data science, and creative learning. Successful vendors deliver the ABCs of security: awareness, behavior, and culture. Look for providers that truly understand how training contributes to your overall security culture and don't just check the training requirement box.
Choose vendors that create positive content with inclusive, clear, and compelling images and that engage users with alternative content types like gamification, microlearning, and virtual reality (VR). Some vendors offer true gamification that involves teams, competition, and advanced graphic design, engaging discerning audiences on a deeper level than multiple-choice tests or phishing simulations.
S&R pros in multinational companies or those with operations outside of the US should look for vendors that provide content in a variety of languages, have support centers in all of the regions where they have operations, and localize their imagery and messaging. The best vendors know that their content must speak to all users — and that requires different styles for every region.
Leaders
- KnowBe4's enviable platform is powered by business strategy excellence. KnowBe4's vast security content library is packed with multiple types of training, including award-winning videos like "The Inside Man." The solution includes 1,000 training modules from 10 different content producers, 3,500 phishing templates, and a culture assessment. The vendor delivers an engaging learner experience that meets different learner preferences. Customers can upload their own SCORM-compliant training into the platform. (see endnote 1) To further expand its content coverage and ability to measure security culture, KnowBe4 has made several acquisitions, including video production company Twist & Shout and security culture measurement firm CTRLe. It delivers content via the ModStore software-as-a-service platform; dashboard functions, reporting features, learner badges, and the Automated Security Awareness Program tool help customize the training plan.
- KnowBe4 conducts business hygiene activities that produce comprehensive, forward-thinking, customer-centric offerings including transparent employee KPIs that flow all the way to the CEO; a department dedicated to managing hypergrowth; and a global team tasked with thought leadership and industry engagement. Reference customers were happy with the service provided by KnowBe4's customer service managers and the vast array of training options. They cited clunky reporting, a confusing tiered access model, and the extra cost of customization as weaknesses. If you are after a comprehensive security awareness program tailored to how your employees like to learn, work with KnowBe4.
- CybSafe's solution focuses on changing behavior. A newcomer to the SA&T market, CybSafe's mission is to help organizations address human risks more effectively instead of just training employees. Its solution focuses on changing user behavior by providing support and assistance. It does this by applying behavioral and data science to understand user behavior and intervene appropriately when it detects potentially unsafe acts. CybSafe's data segmentation goes beyond training completion rates; it also lends insight into employees' security confidence and their adoption of cybersafe behaviors such as the use of stronger passwords.
- CybSafe takes a strategic, long-term approach to behavioral and cultural change. The solution's "Friends and Family" feature allows employees to extend the lessons they've learned outside of the organization. CybSafe's content is accredited by GCHQ and IISP to ensure its technical integrity and uses the Flesch-Kincaid Grade Level assessment to ensure that it's readable for nontechnical people of all abilities. (see endnote 2) Customer references noted that CybSafe lacks a significant content library and has limited language options, but they appreciate the vendor's excellence as a partner, listener, and collaborator. Organizations willing to embark on a security culture journey that approaches SA&T in a modern and even revolutionary way should engage CybSafe.
- Infosec combines customer delight with an evolving modern solution. Long-established global vendor Infosec continues to evolve instead of becoming trapped by its success. The Infosec IQ platform covers a broad range of security topics and receives frequent updates with new content. Content types include videos, microlearning, and computer-based training (CBT) modules that last anywhere from 10 seconds to 10 minutes. Customers' program managers can define each training exercise's length and learner completion dates. Managers can also assign training automatically and map a security awareness strategy for the calendar year.
- Infosec has a clear, extensive go-to-market strategy and is fully committed to the importance of behavioral and cultural change. While Infosec IQ provides more effective training by recommending security training instead of forcing it, the platform stops short of enabling cultural change; in fact, its vast content library may confuse customers. To help customers select the correct content for their organization, Infosec has put a recommendation-based learner experience and easier content visualization on its roadmap. Customer references were delighted with Infosec's service levels, people, and senior management. They noted that, without the excellent service from the vendor's support and leadership teams, Infosec IQ could easily be replaced as a commodity. Organizations looking for a dedicated partner to extend their security awareness function should work with Infosec.
- Elevate Security is disrupting the SA&T market with a new training approach. Offering customers a departure from ancient cybersecurity employee training rhetoric, Elevate uses behavioral science, specifically the concept of social proof, to influence behavioral change. (see endnote 3) The platform provides insights to measure and understand risk and "nudges" users to adjust their behavior. To do this, the platform ingests data on security behaviors from various tools and measures changes in behavior after training (e.g., adoption of password managers or VPN connections). The vendor's nudging concept provides gentle reminders and motivates users by showing them their cybersafety status relative to the community.
- Elevate Security's "Hacker's Mind" is the only true, active gamification exercise we saw in our evaluation. The platform is modern, engaging, and easy to use. Elevate's messaging goes against the industry norm by employing positive language and inclusive imagery, rather than shame, to encourage users. However, the solution cannot be extended outside of the organization, and the vendor's roadmap lacks clarity. Reference customers mentioned bugs, instability, and a limited feature set as shortcomings but understand that Elevate's quirks are due to its newcomer status and are not a sign of trouble. Engage Elevate Security if you have a mature security team that has identified specific behaviors that need changing and wants to use gamification to engage users.
- Inspired eLearning differentiates with VR courses and empowerment. Instead of scaring users into following rules, Inspired eLearning styles its content using adult learning theory and psychology concepts designed to reinforce information retention. Rather than relying on traditional cybersecurity imagery, its solution uses learning studies as a base to ensure that all information it shares will stick with the learner. The content covers basic cybersecurity best practices for work and home. Inspired eLearning adapts its graphics and language for different cultures to serve a global audience. Its VR offering puts users through a physical security course so they can experience security incidents firsthand in a low-risk environment.
- Inspired eLearning's 2020 plans include gamification techniques that give users insight into a hacker's mindset and an enhanced security culture index. Customer references emphasized the platform's ease of use and course management as top qualities, although they also struggled with the text editor and delayed email notifications and want more microlearning videos. Organizations that are looking for an easy-to-use platform with interactive training should prioritize Inspired eLearning.
Strong Performers
- Proofpoint leverages its threat and tech roots for a more targeted training experience. Proofpoint uses threat intelligence as an input to its phishing simulation, email analysis, and response solution. The platform can integrate with Proofpoint's email security offering to mark groups of "very attacked people." With these integrations, the vendor targets training based on user knowledge, phishing simulation, assessment results, and real-world threats. Proofpoint plans to automate in 2020. It localizes content and translates it into 38 languages; content can also be customized. The product offers many types of content, and users can complete training on any connected device.
- Proofpoint has a clear roadmap focused on threat intelligence integration, creative and more extensive educational content, and program support. Customers can customize training content with a "learning science evaluator" that checks that the length and amount of content is appropriate. Reference customers noted that the content is well-crafted, short, and threat-led, although they said that user management is difficult. They also noted that the SA&T works best if you already use Proofpoint's secure email gateway. Proofpoint is a great fit for organizations that have already invested in Proofpoint's technology and are looking for an integrated, data-driven experience for SA&T.
- Mimecast humanizes security with engaging content. In 2018, Mimecast extended its range to people security by acquiring Ataata and releasing the Mimecast Awareness Training (AT) by Ataata SA&T offering. Hosted on Amazon Web Services, the platform's nonintrusive training methodology uses humor and microlearning principles. AT offers training in seven core security content categories, delivered by two main characters, "Human Error" and "Sound Judgement," who bring much-needed humanity and entertainment to the SA&T topic. The platform educates through short viral videos, real-world testing, and risk scoring.
- Mimecast videos engage both security and nonsecurity employees. Users and their families talk about the lessons they learned and how fun they are. Some users have gone so far as to dress up as the characters for Halloween and invite them to board meetings and company events. Customer references are excited to use a nonconservative approach and note that employees now regularly discuss security. However, some were unhappy with the complex product rollout in large organizations and the lack of question customization. Organizations that believe that humor can work in their environment and understand the value of engaging employees with entertaining content should use Mimecast.
- Webroot focuses on MSPs and SMBs. Following its acquisition by Carbonite, Webroot's security awareness platform is part of a combined set of data protection and cybersecurity solutions. The company has presence in multiple regions, including the US, EMEA, Japan, and Australia/New Zealand. Webroot targets managed service providers (MSPs) and small and medium-size businesses (SMBs). Its training content, which follows microlearning principles, covers a small number of topics and compliance areas, with a strong focus on phishing.
- Webroot's user interface is tidy and easy to navigate; however, the dashboard doesn't provide insight into user behavior or culture beyond basic completion statistics. The product roadmap is clear but focuses on catching up with the market, not racing ahead of the competition. Specifically, Webroot is only now considering implementing risk scoring — by early 2021. Customer references liked the engaging content and the platform's ease of use and cost, although they cited challenges with reporting and wanted more automation of training paths. Small to midsized enterprises that want an easy-to-use phishing simulation platform should engage Webroot.
Contenders
- Cofense's pioneering phishing simulation now feels clunky and monofocused. One of the largest, most established players in the phishing simulation market, Cofense rebranded from PhishMe in 2018 around the same time as it was acquired by a consortium of private equity firms. As an early entrant, PhishMe helped to establish the phishing education market. Cofense uses prebuilt playbooks to automate phishing simulations; customizing HTML content is a product strength. One of its key differentiators, the Reporter button, enables employees to report phishing emails to their security operations center with a simple click in their email client. Cofense's roadmap, strategy, and offering focus on protecting users from phishing attempts.
- Cofense has a mature and respected phishing simulation product, with a clear roadmap for rebuilding its user experience. However, it has no plans to expand its focus beyond phishing. Customer references indicate that they need to engage a separate vendor to cover the full extent of SA&T capabilities and limit their use of Cofense to phishing simulations. The UI and content imagery are clunky and dated; gamification is limited to automated quizzes. Reference customers were happy with the coverage of phishing scenarios and quantifiable metrics, although they were unhappy with Cofense's acquisition, which transformed the vendor from a valued partner to a large, profit-focused vendor. Cofense is best suited for organizations that want to run phishing simulations, but not broader security awareness and culture change.
- Kaspersky extends its technical offering with security CBT. Kaspersky's new awareness product fills a gap in its technical product lines to address the human element. The Automated Security Awareness Platform is a fully automated solution that targets SMBs that lack cybersecurity or learning expertise. Kaspersky also has an integrated solution for enterprises. The product has global reach and is sold in more than 60 countries. Kaspersky aims its training at multiple stakeholders; for example, its Interactive Protective Simulation targets senior managers and its Security Awareness Platform focuses on employees.
- Kaspersky's key differentiator is its automated individual learning paths, which can send targeted training to specific individuals at specified time frames. However, the interface, reporting, and content are standard at best and alienating at worst. The content includes an outdated view of the security world, featuring padlocks and men wearing bowties or hoodies and negative messages like identifying the weakest link. Customer references were happy with the support, the content length, and automated communications; they noted the lack of topic and question customization and difficulty in adding users to the platform as areas for improvement. Small organizations looking for a large content library and an automated solution should consider Kaspersky.
- MediaPRO envisions changing culture but falls short on execution. MediaPRO provides a traditional solution for security awareness and training using a vast library accessible via the TrainingCenter learning platform and a suite of out-of-the-box TrainingPacks. MediaPRO provides content in a variety of modalities including eLearning modules, microlearning, videos, and articles. Customers can deploy content in their existing learning management system (LMS), in MediaPRO's LMS, or on other web-based platforms.
- MediaPRO strives to correct today's SA&T problems with targeted training and engaging, modern content. However, MediaPRO's training content is far from modern or engaging, as it's wordy and incorporates stock, noninclusive corporate images and severely dated graphics. Reference customers were happy that MediaPRO can customize content but expressed frustration at having to pay for that customization. Organizations with a conservative corporate environment that want to deliver a traditional security experience should consider MediaPRO as a partner.
Challengers
- PhishLabs offers a phishing-focused, managed services approach. PhishLabs provides security awareness training as a managed service; each client is assigned a training manager who mobilizes the service. Customers have little or no control over their program other than through the PhishLabs training manager. The vendor goes to market via a direct sales model targeting predominantly North American companies. PhishLabs plans to integrate email incident response with its portal and offer co-management of the campaigns, further strengthening its status as an awareness provider focused on email security.
- PhishLabs' content employs a dated, culturally neutral content style that lacks the ability to engage nonsecurity practitioners. It delivers content via nanolearning and microlearning principles. PhishLabs aims to take the hassle out of security awareness for its customers by managing the entire process; however, this approach makes it difficult for organizations that want more control over their training with customization they can implement themselves. Reporting is available and metrics can be obtained from the portal, but customer references noted that the platform was too messy to create ideal reports. PhishLabs is ideal for organizations that want a vendor to guide them through a phishing-focused security awareness program.