Behavior change should be the primary goal of your security awareness training program. You want users to break bad habits and learn new skills (and how to apply them) in general. But you also want to address risky behaviors that are most likely to impact your organization’s mission. It’s why education activities logically follow the vulnerability assessments outlined in the “Identify Risk” section. Awareness and training are two different things: knowing that a threat exists is not the same as knowing how to detect and deal with the threat when it presents itself. Education leads to behavior change—and a stronger last line of defense. Spambrella-managed training services will help your organization reduce its exposure to user-driven cybersecurity threats.
To effectively and efficiently change employee behaviors, our mSAT allows you to deliver a combination of:
Delivery: How we run your cybersecurity education program.
So you understand the need to educate the workforce, and you understand the threats and the social engineering tactics impostors use to exploit your employees, yet you do not have the time or personnel to manage a security awareness training platform… Spambrella’s mSAT is the solution. Join us for a demonstration to understand the service we provide and how we can schedule a blend of security and compliance or insider threat training programs. Our team will then work with you to design a user education schedule that delivers a steady flow of email threats combining phishing, attachments and other lures to see how end-users interact. Over time we will be able to see that user education works and that your workforce, employees, and brand are safer than they were prior to your investment in mSAT.
The primary focus is around baseline measurements, fundamental cybersecurity topics, and key learning objectives for users who have had limited or infrequent education about best practices and essential security behaviors.
Identify Risk: Threat Phishing Simulations
Email remains one of attackers’ favorite tools for targeting users and infiltrating organizations. Threat Phishing Simulations allow us to gauge your employees’ vulnerability to three key threats:
The Threat Simulation library includes thousands of customizable templates across more than 35 languages. We can:
How we use Phishing Simulations.
Before we formally launch your phishing assessments, we’ll send a test simulation to a small group of “in-the-know” members of your organization. This will help you identify any potential technical hurdles before Spambrella begin sending a broader test.
When you’re ready to launch, we recommend sending a “blind” phishing simulation to establish a baseline vulnerability measurement. What we mean by “blind” is that no “obvious” Teachable Moment or training assignment is attached to the phishing simulation, so the user doesn’t know they’ve been sent a test. Instead, opt for an “Error Message” Teachable Moment, which resolves to a browser error window. Blind phishing tests help to eliminate crosstalk (or the so-called “prairie dog effect”) among users, giving us the best opportunity for a reliable measurement.
Your baseline test should be of moderate difficulty; essentially, we’ll want to send a simulated attack that you believe a trained user would recognize to be dangerous. Following that, we recommend that we:
Change Behavior: End-User Training
Don’t mistake it: behavior change should be the primary goal for your security awareness training program. You want users to break bad habits and learn new skills (and how to apply them) in general. But you also want to address risky behaviors that are most likely to impact your organization’s mission. It’s why education activities logically follow the vulnerability assessments outlined in the “Identify Risk” section. Awareness and training are two different things: knowing that a threat exists is not the same as knowing how to detect and deal with the threat when it presents itself. Education leads to behavior change—and a stronger last line of defense. Spambrella managed training services will help your organization reduce its exposure to user-driven cybersecurity threats. To effectively and efficiently change employee behaviors, our mSAT allows you to deliver a combination of:
Broad, Organization-Wide Training
The Spambrella training approach is rooted in learning science, applying key principles that facilitate adult learning and knowledge retention. Our tools can help you build a strong cybersecurity foundation across your organization—and build on that foundation over time. We offer localized content in more than 35 languages and help you deliver training across a range of cybersecurity topics. In the suggested schedule later in this document, you will see recommended organization-wide training assignments for the following courses:
Threat-Based Training
With the changing threat landscape—and the variety of ways threat actors target individual organizations—it’s critical to keep users in tune with emerging threats. The vulnerabilities you identify during phishing simulations and the review of threat reports should guide your threat-based training choices. In our suggested program schedule later in this document, you will see our preferred delivery methods using the Auto-Enrollment feature within ThreatSim to automatically assign the following mini-modules from our “Securing Your Email – Fundamental” series to individuals who fall for email-based phishing tests:
Points to Keep in Mind