The Challenge. While email as a mode of communication represents a major vulnerability for any organization, academic institutions are especially susceptible. Colleges and universities tend to be open organizations that involve many internal and external constituents, including but not limited to students, faculty staff, administration, researchers, alumni, vendors, contractors, the media and the community at large. When considering all of the audiences involved, and the hundreds of thousands of emails that are sent regularly, the risks from ever-more-deceptive social engineering techniques as well as masked viruses are naturally multiplied. The Solution. Ray (CIO) switched gears, looking for a fully managed service offering rather than handling all of the phishing training operations in-house. In engaging CybeReady, he found a service provider that truly made a difference in employee behavior ‘towards phishing attacks, and did all of the heavy lifting. “Their team has saved me a lot of time and effort from security administration here, and in our second year with them continues to do so,” he noted. What previously would take half of a workday to set up is now done automatically, as managers no longer have to spend hours preparing campaigns, selecting recipients or sending test messages.  The Result. The university is currently in its 16th campaign, where it has seen a sharp decline (over x5) in ‘serial clickers’ (the organization's high-risk group) as well as those who only ‘occasionally take action with a phishing email. “at our request. CybeReady raised the difficulty of our latest campaign, and although the number of users who click has risen, we can see that overall, our faculty and administration are learning,” Ray said. “The system is definitely working and has generated much stronger awareness across the campus of email as a pervasive threat." “One of the other things I like about CybeReady's systems its comprehensive dashboard,” he added. “That I get all the info in one place where I can pull insights about our progress and any areas of weakness, which I use when making future campaign decisions.

An executive who leads security efforts from the Office of the CIO at Ayalon Insurance knows that exposure to hackers could lead to total catastrophe within seconds. “In the past year, we’ve come to understand that it really doesn’t matter how many technology tools or system safeguards we have in place to defend ourselves; identifying a threat will ultimately fall upon a human being’s shoulders, every time. The firewall and antivirus blocking software we’ve put in place will work, of course. Eventually, however, if a hacker wants to find a way in, then he or she can by baiting our personnel in ways that unknowingly grant access to these criminals.” Ahuvia explained. The Result. Once Ayalon Insurance began working with CybeReady, it was clear to Ahuvia that his staff were being tested using a very sophisticated, covert approach. “CybeReady’s learning pages are very effective,” Ahuvia noted. “By the statistics, we can see that people are paying attention; they’re reading the material. As for their performance in the simulations, it’s definitely improving over time. We can see very clearly that people are much less likely now to click on a phishing scam than they were before we began working with CybeReady. In fact, we can see that those who used to click on almost every phishing email they received have done a complete 180—they don’t click anything now.” In cyber security, staying on top of the latest trends means having a distinct advantage over hackers. A deep understanding of the most recent phishing scams isn’t only helpful; it could mean the difference between a business being vulnerable or successfully thwarting an attack. “We’ve found that the CybeReady team is very knowledgeable about phishing scams happening all around the world; they’re bringing current practices to us before they’re arriving in our inboxes,” Ahuvia said. “When we hear of an attack that happens, we want to know that we already simulated it here and that people are not only aware, but trained to handle it.”

Yaron Weiss, Payoneer's VP Corporate Security and Global IT Operations, has been leading the company’s security efforts since 2014. With steady increase in phishing attacks, Weiss realized the high-risk potential from Payoneers’ insider threat - its employees. Before learning about CybeReady in 2016, Payoneer used a different phishing simulation solution for its 1.200 employees for just one year. That solution required resources and training expertise that Payoneer's IT team didn't have, and despite the considerable effort that went into the program it generated a total of two email campaigns in a full year. With random training efforts and no proper training methodology driving the process, employee behavior didn't seem to change. The Solution. When Weiss saw CybeReady's autonomous training platform product demo, he was immediately sold. “CybeReady’s solution addressed all the challenges ‘we were facing at the time.” he said, “itis fully managed and offers each employee continuous, training in their own inbox and their native language’. CybeReady utilizes a proven methodology, powered. by Machine Learning. It offers a minimum of 12 phishing simulations to each employee annually, and itis customized, localized and adaptive to each, employee’ performance. Weiss decided to switch to CybeReady within aweek. Getting started was fast and easy - CybeReady offers a cloud solution that takes three quick steps and a total of one hour to integrate: 

• Export the company's address book
• Whitelist a short list of domains
• Approve 1st campaign

The Result. Weiss started noticing the difference in employees’ behavior towards phishing attacks pretty quickly. Using CybeReady’s real-time customer dashboard, he looked at two main KPI

• Employee Resilience Score - more than tripled within the first six months and increased by over 7x over the two years of training with CybeReady.
• Serial Clicker Rate - The Employee High Risk Group has converted to high performing as the % of serial clickers out of all employees was reduced to almost -0%.

CybeReady also provides the Payoneer security team with weekly, monthly and quarterly reports they can easily share with Management. Payoneer's executives appreciate the robust business intelligence features and the ability to track progress. In addition to the progress seen “on the dashboard’, Weiss indicated that his team noticed change in employee behavior “in real life’: “We can actually see a correlation between the graphs and the results on the ground: When we run ‘red team’ drills, our employees now report phishing very quickly and you can see how this has become very important to them.” Weiss pinpoints the key factors to a successful employee training program from his experience: “I've been using phishing simulations for Payoneer employee training for three years now.” he said, ” and I can say that the most important factor to success is continuity - training each and every employee month after month consistently and repeatedly” In terms of ROI, the program has easily paid for itself. “We are paying the same as we did to the previous vendor, but getting significantly more value.” said Weiss. 

Access to sensitive information has made the healthcare industry a preferred target for hackers. Training employees effectively against phishing methods remains the strongest line of defense. The Challenge. An information security executive from a major countrywide healthcare network in Israel is all too familiar with this balancing act. He cites fraud as a major concern for his organization, as well as those of his peers in the industry. “We’re particularly concerned about the types of fraudulent activities that ultimately lead to transactions and money transfers taking place,” he said. “Cryptoware, or ransomware, as it is commonly called, is a virus that hackers use to encrypt all of the data on your hard drive. They then require organizations to pay a ransom in order to decrypt your information, effectively holding your files hostage.” Imagine this worst-case scenario for information security professionals: attacks rendering critical files inaccessible grind all business operations to a halt, leaving organizations with few options once attacked. The Results. “Our selection process involved testing three different systems. We eventually chose CybeReady, and here’s why: they not only increased our employees’ awareness, they offered a service that was unmatched by their competitors. CybeReady’s program runs on its own, which means that I don’t have to invest my time or that of my team in operating or configuring attacks. It literally involved zero effort on our part.” The company’s level of service was apparent even during the early days of the engagement. “Service from other vendors didn’t come close to this; what had previously taken me up to three weeks annually now involved little more than a few hours a month, at most. I knew that I could trust CybeReady, and have heard colleagues in the industry who chose them say the same.” The executive cautions others to consider the difference between training and awareness programs. “There are a number of phishing options that appear to have comparable training content and expertise. The differences are often only visible after several months of reports indicate a marked change in employee behavior. As CybeReady’s phishing attacks changed form over time, the organization’s employees responded more intelligently than they had before. Few other options, if any, also offer the availability and attention possible from CybeReady.” “The level of employee engagement in our case was very high compared to other methods I used in the past.”