Hornetsecurity proposes Security Awareness Service, an advanced and fully automated and structured benchmark to raise employee awareness.
Proper user training is the essential basis for corporate security. Today, part of the threats to information security come from within. The “attacks” that occur in this way can come from disgruntled or unfaithful employees, but more and more often from “uninformed” users who, in a non-malicious way, represent a problem for information security.
According to analyzes by the World Economic Forum – The Global Risks Report 2022, 95% of all cybersecurity incidents are caused by human errors.
These uninformed users, with simple and seemingly safe actions such as visiting websites that they are infected with malwareanswer to e-mail di phishing or keep their access credentials to systems in an unsafe area, can cause information leaks that are very costly for the victims of these threats. These threats represent a consistent danger for all companies that possess sensitive data, whatever they are and whatever size the company has, whatever its application market or geographical location.
The human factor, more than technology, is the key to providing an adequate and appropriate level of security. The employees of a company as “key” are an asset on which it is right and necessary to pay particular attention. An effective company-wide awareness and training program is essential to ensure you define and understand your security responsibilities, organizational policies, and how to adequately protect the resources assigned to them.
For a “security program” to work, you need to look beyond those responsible for security and recruit people across the organization to serve as contributors.
Security Awareness Service
Often, for enterprises, adopting a Security Awareness platform represents a significant effort in terms of time and resources for SEC-OPS teams. It can take a lot of time and resources. With its own solution, HornetSecurity wants to satisfy the requests of companies and promote training and security in an integrated and easy to use/manage way.
The platform includes a Awareness Benchmarking intelligente, called ESI (Employee Security Index). It is a proprietary benchmark capable of measuring and comparing the safety-related behavior of employees across the enterprise. The continuous analysis allows to identify individual e-training needs and specific paths for each user.
Not only that, the Hornetsecurity Awareness engine is able to automatically define dedicated content for the training of individuals or groups. In this way, it is possible to develop targeted training activities and quickly bring the whole team to the same level of knowledge and awareness about threats.
To better prepare the workforce present in the company, HornetSecurity has developed a highly flexible Spear Phishing Engine, capable of simulating numerous realistic and up-to-date email phishing scenarios. This component acts as a “true attacker” and adopts various psychological manipulation factors as well as publicly available company data and employee information to make the simulation realistic.
The Spear Phishing Engine recreates different phishing difficulty levels and is capable of launching controlled simulation sessions.
In this way, employee training can be easily automated and monitored in a unified way by security teams (Awareness Dashboard).
Following a process of e-training it is therefore possible to distribute activities based on relevant e-learning contents, or activate the “booster” function, for users who require intensive training. Through the centralized dashboard, you can enable real-time monitoring of all training statistics and receive reports with history and forecasts.
Security Hub
Hornetsecurity Security Awareness Service includes a multilingual hub that provides centralized access to all e-learning content, as well as an individual phishing simulation assessment for each user.
To motivate users, the platform leverages an approach of gamification-like and pushes operators to continue to obtain ever better results.
As an overall evaluation term, the system incorporates and produces an overall, defined index Employee Security Index. In this way, the company can be assessed concretely based on the behavior of the workforce in the face of targeted attacks. The standardized and transparent measurement of security behavior refers to the company, but also to groups and individual users, for an objective analysis that allows implementing the most suitable actions to raise the level of security.