#1 Recommendation - Department of Health and Human Services (HHS)

Many organizations base their cybersecurity on smart technology yet underinvest in what should be their first line of defense—their employees. Understanding and managing the behavior of employees, engaging them in the defense of digital assets, networks and intellectual property, secures benefits that often elude other organizations.

The Department of Health and Human Services #1 Mitigation Practice is E-Mail Protection Systems – Phishing Simulation and Education. Phishing attacks via email (a type of hacking attack) are the most common first point of unauthorized entry into an organization. Hackers target the weakest link, humans: social engineering accounts for 98% of ransomware attacks.

Education – Develop a Culture of Security

A successful cybersecurity culture begins with identifying the organization’s risk tolerance. Understanding which systems need protection and where vulnerabilities exist leads to informed decisions to secure enterprise data and set expectations about employee behavior.

When healthcare executives set reasonable, incremental goals and demonstrate a willingness to try new training methods, a culture of cyber awareness can be achieved. Given the volatility and increasing sophistication of the threat landscape, building that culture is imperative.

According to ISACA and the CMMI Institute in their 2018 Cybersecurity Culture Report, organizations found a gap between their current cybersecurity culture and their target. Only 5% were content with the maturity of their culture. Cyber Tygr develops a culture of security through:

  • Automated Security Awareness Program - A customized Security Awareness Program tool for your organization will help implement all the steps needed to create a fully mature training program
  • Entertaining and Engaging Content - The world’s largest library of security awareness content includes interactive modules, videos, games, posters and newsletters
  • Leadership and the Human Firewall - Engaging executive sponsorship and support increases the buy-in by staff, creating a front line defense system
  • Performance Indicators and Business Goals - Organizations with strong cybersecurity cultures have tied their training to the overall business mission and patient satisfaction

Phishing Campaign – Do not feed the Phish


  • Baseline Testing - Assess the Phish-prone percentage of your users through a simulated phishing attack
  • Train Your Users - The world's largest library of security awareness training content includes interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails
  • Phish Users - Best-in-class, fully automated simulated phishing attacks, hundreds of templates with unlimited usage, and community phishing templates
  • See the Results - Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management


Employees Stop Taking the “Bait”


Analyzing 6 million users over the course of 12 months uncovered surprising results. The overall industry initial Phish-prone percentage benchmark is a troubling 27%.

Fortunately, the data showed that this 27% can be brought down by more than half, to 13%, in only 90 days by deploying new-school security awareness training. The 365-day results show that by following these best practices, the final Phish-prone percentage can be minimized to 2.17% on average.