Initial results of ClickAware application use show that, while users are surprisingly savvy about e-mail security threats, there is still a need for ongoing user education
WatchGuard Technologies, Inc. (NASDAQ: WGRD), a leading provider of network security solutions, has launched a tool to help security administrators evaluate their users’ awareness of email-borne threats. Initial deployments have revealed that while users are, on the whole, less apt to open suspicious email attachments than IT administrators might expect; there is still a critical need to keep security issues top-of-mind.
Part of WatchGuard’s ongoing cybersecurity education efforts, ClickAware is a free policy compliance assessment tool that allows mock viral emails to be created and sent to individuals or groups of users within an organization’s own domain. Security administrators can choose from five templates that simulate common socially-engineered attacks to quickly create an email for internal use. If recipients click on the attachment, instead of unleashing the threat on the network, they simply receive a friendly message reminding them of the dangers of opening unexpected attachments. ClickAware also aggregates the number of click-throughs and allows IT managers to compare their users’ awareness rating against the average of all those in other organizations who have used ClickAware.
An analysis of the first batch of ClickAware messages sent by IT managers (more than 6,500) revealed that the majority of users recognize viral emails and are suspicious of attachments. On average, only five percent of users who received the mock email threats clicked on the attachment. This suggests that users are more security savvy than IT managers expect: in an earlier survey[1] , WatchGuard found that only seven percent of IT managers believe their users follow security policies to the letter and 46 percent believe their users don’t even try to work securely.
Users were, however, less able to recognize two of the simulated emails as security threats, giving IT administrators insight on where to focus ongoing security awareness and education efforts. One entitled ‘Re: Thanks’ requiring users to open a password-protected document that appears to be business-related was opened by 16 percent of the recipients. The other, entitled ‘Mail Transaction Failed’ tempted 13 percent of users to open the attachment.
The most widely distributed email was entitled: ‘Apply this Microsoft Patch Immediately’, indicating that IT managers believe their users are more likely to fall victim to a threat masquerading as a vendor patch than any other. However, users again demonstrated their vigilance, with only one percent clicking on the attachment.
“Although the majority of users treat suspicious emails with caution, it only takes one click to unleash an attack on the network,” said John Stuckey, vice president of marketing at WatchGuard. “Organizations therefore need to ensure they have technology in place that offers zero-day protection against unknown threats. But, just as importantly, security administrators need to be sure that policies are understood and that users are constantly updated on emerging threats. Since we know that this can be a challenge for often overburdened IT staff, we designed ClickAware as a tool that can be deployed quickly and easily to help pinpoint areas where users might need more security awareness education and training.”
ClickAware is available at http://www.watchguard.com/products/clickaware/index.asp.
About WatchGuard Technologies, Inc.
WatchGuard is a leading provider of network security solutions worldwide, delivering integrated products and services that are robust as well as easy to buy, deploy and manage. The company’s Firebox X line of expandable integrated security appliances is designed to be fully upgradeable as an organization grows and to deliver the industry’s best combination of security, performance, intuitive interface and value. WatchGuard Intelligent Layered Security architecture protects against emerging threats effectively and efficiently and provides the flexibility to integrate additional security functionality and services offered through WatchGuard. Every WatchGuard product comes with an initial LiveSecurity Service subscription to help customers stay on top of the security landscape with vulnerability alerts, software updates, expert security instruction and superior customer care. For more information, please call (206) 521-8340 or visit www.watchguard.com.
WatchGuard, LiveSecurity, Firebox, and ClickAware are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.
Contacts:
Vikki Tan
LEWIS PR for WatchGuard
+65 6557 2440
+65 9188 9925
[email protected]
Eunice Choy
LEWIS PR for WatchGuard
+65 6557 2440
+65 9656 6703
[email protected] End.