New Wombat Program Helps Retailers Deliver More Effective Security Awareness Training

Share with your network!


Retail organizations have long been a target for cybercriminals seeking opportunities to gain access to valuable credit card and personal information, as well as internal policies and procedures. Our new Security Awareness and Training Program for Retail Organizations is designed to help address the unique cybersecurity and education challenges retail enterprises face on a daily basis.

Acknowledging the Continued Threat to Retail Organizations

According to Symantec’s 2016 Internet Security Threat Report, the retail industry sector was the most heavily exposed to phishing attacks in 2015. But the threat is about more than simply being a target; hackers and cybercriminals are getting through current defenses. Gemalto’s Breach Level Index shows that more than 40 million retail records were lost or stolen in 2015 (with more than 800 million records lost or stolen since 2013). That all adds up to serious monetary hits to retail enterprises; according to Ponemon Institute research, the average global per-record cost of a retail data breach is $172.

Given that the Payment Card Industry Data Security Standard (PCI DSS) mandates that all personnel be given access to general security awareness training at minimum, it’s possible (likely, even) that some degree of cybersecurity education is being delivered to the majority of retail workers. The problem? Most security awareness and training programs are not effective at changing end-user behavior, which is the key to risk reduction. Earlier this year, Verizon reported that a staggering 63% of confirmed breaches involved the use of weak, default, or stolen passwords. And our own 2016 Beyond the Phish Report revealed that users in the retail industry struggle with applying data safeguards; our data showed that only 37% of assessment questions related to proper protection and disposal of sensitive data were answered correctly.

In speaking about our new program for retail organizations, Wombat President and CEO said, “The discovery that end-user behavior leads to a massive volume of cybersecurity risks within retail is both a concerning and addressable revelation for leaders in a retail enterprise. Many of the security pain points retail organizations are experiencing today can be addressed and negative impacts significantly reduced with greater security awareness.

“Wombat developed this prescriptive training format with retail organizations specifically in mind, and it addresses each area of concern with actionable, measurable, and effective educational strategies. Our retail customers that have applied our methodology with success are already seeing significant reductions in vulnerability and risk after deploying the Wombat program.”

Changing Behaviors and Reducing Risk Through Targeted Education

Our Security Awareness and Training Program for Retail Organizations applies our Continuous Training Methodology, which has been used successfully by our customers to reduce susceptibility to phishing attacks and malware infections by up to 90%. We suggest that retail enterprises utilize the following products in developing and executing their cybersecurity education programs:

  • CyberStrength® knowledge assessments, including our Payment Card Industry Predefined CyberStrength assessment
  • ThreatSim® simulated phishing attacks (plus our PhishAlarm® one-click email reporting tool)
  • Interactive education modules that focus on PCI DSS training, email security, social engineering, data protection and destruction, and other key cybersecurity topics
  • Security Awareness Materials — including posters, articles, and images — to help keep best practices visible and top of mind (particularly for point-of-sale workers)


Read more details about the components of our program


Organizations that deploy this and any other Wombat security awareness and training program will have access to detailed reports that offer broad and granular insights into assessment results and training metrics. These reports enable progress checks and strategic planning, and they allow organizations to easily incorporate gamification techniques to further motivate users and encourage participation. Measurement is a foundational element of our Continuous Training Methodology because it is a key to successful execution of any ongoing, results-driven activity.

If you are seeking a partner who understands the unique risks and challenges you face with regard to planning and delivering effective security awareness training, look no further than our team of cybersecurity education experts. A primary reason we are a leader in this space is because we put our customers’ needs and requirements first. We will help you overcome obstacles and assist you with designing and executing a program that allows you to better manage end-user risk.