Lessons Learned from State of the Phish

Closing the gap in user vulnerability

Recorded live on March 29, 2023

Our latest research in the 2023 State of the Phish report found that while 98% of organizations had a security awareness program, only 56% trained all their employees. Additionally, only 35% of organizations conducted phishing simulations, down from 41% in 2021. This leads to an important question: where should leaders prioritize their security awareness efforts to close the gap in user vulnerability?

Join this 45-minute webinar as our panelists discuss:

  • Critical gaps in people’s security knowledge, behavior and beliefs that open organizations to risk
  • How to keep users engaged and change unsafe behavior
  • Ways to help users establish sustainable security habits that extend to their personal lives
  • Tips to address the discrepancy between security teams and end users

Our panel includes fellow practitioners from two different enterprise financial organizations, Karina Edwards and Steve McGrath.

Karina Edwards

Karina Edwards is a Sr. Information Security Analyst at an international financial services group. In her role, she is responsible for the development and execution of a global information security awareness and training program. Together with another team member, she promotes greater security of the company’s data, client information, and associated assets through continuous education using a behavior change model to reduce the company’s inherent “human” risk. Karina has been in her current role of supporting the global awareness and training program since 2019. Prior to that, she worked for large organizations in various industries such as Telecom, Healthcare, and Aerospace, focusing primarily on IT Operations. Karina holds a Master of Science Degree in Systems Management from the University of Southern California and a Certification of Security Awareness Professional from SANS Institute.

Steve McGrath

Steve McGrath is an Information Security Analyst with a multinational commercial property insurance company. He supports a global cybersecurity training, education, and awareness program, as well as security and risk reporting. Steve directly supports the organization’s commitment to promoting a security-conscious culture, working to deliver the right message, to the right people, at the right time. His team is responsible for researching, creating, and communicating a wide variety of interesting and applicable cybersecurity content to keep employees engaged. He is a frequent presenter and educator to internal audiences, helping people understand how small changes can make a big impact. He is responsible for running monthly phishing simulations and follow-up activities to reinforce desired behaviors. Steve has been working in IT for 30 years, with the past ten years dedicated to Information Security and Security Awareness.