My advice would be, whether you use this solution or not, do something. This one will take so little time and effort that you'd be hard-pressed to find alternatives within the same cost constraints.
Director at a construction company with 10,001+ employees
Real User
2021-12-01T16:46:00Z
Dec 1, 2021
We have not implemented any supplementary training but we are looking to do so. The vendor has another offering called Continuous Awareness Bites (CAB), which is a continuous stream of email tips that come into your inbox every couple of weeks. We're working on implementing that now. Both the Blast and the CAB products look to be very good. I think they're still working on the management statistics and I've fed back a little bit of how I think they could be improved, but it's not really a major deal. My advice for anybody who is looking into this solution is that it's a very good service and they're very willing to help. Getting things set up with them is straightforward. But as a prospective customer, you need to do some work to make sure that the phishing simulation gets through your various email filters effectively. You must also make sure that your staff knows about it and that it's a positive learning experience. It's not there as a test or a punishment. It's meant to be a positive learning experience. We did that and it landed pretty well. The only other thing is that if your staff isn't used to reporting suspicious emails, then you need to tell them how to do it, because certainly during the early days, I think lots of our staff didn't quite know what to do with it all. We told them, but just managing to get that word out there as to how to report took a little time. Make sure there is plenty of communication with your staff before you turn on the phishing simulation so that they know it's coming, know why it's coming, and know what to do with it. In our case, we wrote to every single user and said, "This is coming. This is designed to help you to learn to spot phishing emails at work and at home. We hope you will find it useful." We explained that it wasn't a test for them and we promoted it via our internal social media, really trying to make sure everybody knew about it. Overall, this is a really good product but there is always room for improvement. 
I would rate this solution a nine out of ten.
Domain Head IT Governance & Security at Euroconsumers
Real User
2021-10-25T12:57:00Z
Oct 25, 2021
Unfortunately, we are not going to continue with CybeReady, but that doesn't mean that in the future we will not come back and do another year with CybeReady. The only reason we are stopping has to do with our strategy, not because we are unhappy with the product. We plan to stop using them for 2022 and continue with a different approach for training and awareness. Based on the results that we obtain from this change in approach during 2022, we will review where we stand and see if we can continue with that approach or if it makes sense to come back to CybeReady. We actually started a training and awareness problem inside our organization at the same moment that we contracted with CybeReady. So I can't say, "Before our contract with CybeReady we spent, for example, a lot of time preparing the company for training and awareness, whereas with CybeReady we didn't have to do that and we had time for other tasks." But I am aware that we need a lot of time to prepare this kind of activity. That's one of the reasons we contracted with CybeReady. We didn't have enough people on our team to internally support a program like CybeReady. In terms of the functionality and features, CybeReady has everything that we need and I believe that is true for most companies.
Believe in the approach, where the emails don't need to be overly hard or difficult and in fact it's the everyday-looking type emails that get people to click. It's the regular activity that is often the route in. Even though CybeReady's emails can look 'basic' sometimes, that is because that is like the emails you get every day in a workplace and the scammers know that. So it's not always about high gloss look and feel. CybeReady do that balance of the different sorts of emails well and the balance, to allow us to show people that it is often everyday activity type emails that are just as risky. I would rate CybeReady as nine out of 10.
Director of Cyber Security at Central Bottling Co. Ltd.
Real User
2021-10-12T09:01:00Z
Oct 12, 2021
It's a must-have solution. It's very helpful. It doesn't require any special effort. Managers like to see numbers and CybeReady gives them statistics about employees who clicked at the beginning of the campaign versus the end of the campaign. In my previous company, we gave gifts to employees who never failed during the campaign. For employees who failed, we sent them a message saying, "Be more careful. We want you to understand what's wrong, and the significance of not opening suspicious email." Sometimes employees said they were not careful and that is why they behaved as they did. At the end of the day, it gives you peace of mind that the area of awareness is covered. I think it would be a good idea, from time to time, to send out a short email about the results of the campaign. For example, we sent 3,000 emails and there were 300 clicks on it. This is important so that people understand that someone is watching them. Of course, the solution is working, and it gives them a "smiley" if they succeed or the opposite if they fail. But I want them to know that it's not a game. At my level, I can see the results and can draw conclusions about employee behavior and figure out what else I can do. But I want the users to know that they should be more careful. It's not enough to have this ongoing routine. I want something to shake up employees. They must understand that opening a suspicious email could harm the company. While I send them a postcard or a tip with a reminder, from time to time, to teach them how to behave, I need something else to keep them on their toes. We have several vectors of attack, and one of them is, of course, the employee. We need to put our best efforts into recognizing phishing and malicious code and emails that have attachments with a virus. This is because sometimes, all the automated controls we have in place fail to recognize a threat and it gets through to users. 
Those people are the last fail-safe, so I need them to be aware not to open it and not to put all their trust in the controls that are in place between them and the internet. Users need to be aware of what they're doing during the workday, such as not opening an email that is not recognized. I emphasize this in the presentations I do for employees, that I need them to be aware and to recognize threats, including not giving their details in a phishing form, which is the most common phishing attack. There are several factors involved in a successful attack, such as mis-configurations and problems in the security support chain. But the human resource, the end-user, is a major factor because email and web browsers are very good attack vectors. Users must understand how to behave regarding both. CybeReady trains them to recognize all the bad things that they can encounter. CybeReady has not reduced our security team's workload. It has increased it, but in a good way because each time users get an email they don't recognize—while most of them are spam and are not malicious—it's good because it means that they are more careful now. That has increased the work of our operations team in checking every mail that they're asked to check to see whether it's malicious or not. But I prefer to work this way as opposed to having people who are ignorant and not reacting to the malicious email that they get. I know the founders of CybeReady. They have a lot of skill in training and awareness. Omer was my trainer when I studied for my chief information security officer certificate. He has a lot of training and teaching capabilities. It's not only about creating phishing emails and sending them. I can do that myself. They provide the statistics through which we can see the improvement of the organization, where it was at the beginning of the first campaign and where it is now, after the 12th campaign. It shows that the system is working. It has an impact. 
And CybeReady is also thinking about new ideas for campaign scenarios. Sometimes they surprise me with the crazy ideas in the emails. The most familiar are things like "Please reset your password," or "the hard disk is getting full," or "take a look at the picture." But sometimes they have very crazy emails. I don't know where they get the ideas from, but it works. Overall, I'm very satisfied with it.
Security training should not add work to your security team, and should not burden your employees! CybeReady offers the only fully autonomous training platform that makes Security Awareness Training easy and effective for enterprises. Built by cybersecurity training experts, CybeReady’s autonomous learning platform creates an engaging learning experience for employees and enables organizations to run successful and frictionless training. CybeReady’s solution has proven...