Mumbai:
WatchGuard Technologies, Inc. (NASDAQ: WGRD), provider
of network security solutions, has launched a tool to
help security administrators evaluate their users' awareness
of email-borne threats. Initial deployments have revealed
that while users are, on the whole, less apt to open suspicious
email attachments than IT administrators might expect.
Part
of WatchGuard's ongoing cybersecurity education efforts,
ClickAware is a free policy compliance assessment tool
that allows mock viral emails to be created and sent to
individuals or groups of users within an organisation's
own domain. Security administrators can choose from five
templates that simulate common socially-engineered attacks
to quickly create an email for internal use.
If
recipients click on the attachment, instead of unleashing
the threat on the network, they simply receive a friendly
message reminding them of the dangers of opening unexpected
attachments. ClickAware also aggregates the number of
click-throughs and allows IT managers to compare their
users' awareness rating against the average of all those
in other organisations who have used ClickAware.
An
analysis of the first batch of ClickAware messages sent
by IT managers (more than 6,500) revealed that the majority
of users recognise viral emails and are suspicious of
attachments. On average, only five per cent of users who
received the mock email threats clicked on the attachment.
This
suggests that users are more security savvy than IT managers
expect: in an earlier survey, WatchGuard found that only
seven per cent of IT managers believe their users follow
security policies to the letter and 46 percent believe
their users don't even try to work securely.
Users
were, however, less able to recognise two of the simulated
emails as security threats, giving IT administrators insight
on where to focus ongoing security awareness and education
efforts. One entitled 'Re: Thanks' requiring users to
open a password-protected document that appears to be
business-related was opened by 16 per cent of the recipients.
The other, entitled 'Mail Transaction Failed' tempted
13 per cent of users to open the attachment.
The
most widely distributed email was entitled: 'Apply this
Microsoft Patch Immediately', indicating that IT managers
believe their users are more likely to fall victim to
a threat masquerading as a vendor patch than any other.
However, users again demonstrated their vigilance, with
only one percent clicking on the attachment.
"Although
the majority of users treat suspicious emails with caution,
it only takes one click to unleash an attack on the network,"
said John Stuckey, vice president of marketing at WatchGuard.
"Organisations therefore need to ensure they have
technology in place that offers zero-day protection against
unknown threats. But, just as importantly, security administrators
need to be sure that policies are understood and that
users are constantly updated on emerging threats. Since
we know that this can be a challenge for often overburdened
IT staff, we designed ClickAware as a tool that can
be deployed quickly and easily to help pinpoint areas
where users might need more security awareness education
and training."
|