We have been busy adding more content to our Cybersecurity Awareness Training. Here is a collection of what's new from January.
Real Life Stories
Power Grid Attack
"The power went out for over 200,000 people in my town...we were running around trying to fix the issue not realizing it was a cyber attack. It began a few months prior when an attacker sent an email out to our IT team."
As ICS attacks are only growing, this real-life incident has been dramatized to help you raise awareness with your staff on the importance of reporting suspicious activity early and how to be on the lookout for phishing attempts.
New Salary Adjustments Email Scam
"I’m on the finance team who is responsible for updating the payroll system. It is very typical for us to receive emails with attachments. So when our team received an email with a zip file named “New Salary Adjustments'' from our manager, I considered it nothing out of the ordinary."
Educate your team how a routine email can lead to the infection of a company's entire system in this multi-layer phishing scam targeting the payroll team.
Specialized Training Videos
Hacking Industrial Control Systems
On The Blog
NEW Advanced Annual Security Awareness Training
Created for those who've conquered the basics, this training includes a shorter format with more advanced topics on today's most relevant threats.
special Training for Security Awareness Leaders
Get a new perspective on using LinkedIn as part of your Security Awareness Strategy in this 3-part series hosted by our Community Manager, Ayelet HaShachar Penrod.
Reframe LinkedInWe'll learn how to use LinkedIn for "positive social engineering" in spreading the awareness messaging to our peers and even our executive and board team members.
We had a great first session and look forward to the next one coming this month. Register to get the replays.
(For those joining our weekly virtual meetups, it replaces one meetup a month).
- Join our weekly virtual huddle groups to troubleshoot or crowd-source ideas (this week we'll be discussing AI and the challenges of raising awareness with these tools)
- Hop on a live stream with a community member to discover the insights learned from their own awareness programs.
Read or watch some of our past live streams recently:
Making Cybersecurity Awareness Approachable
"Attention and intention [are both needed], with intention coming first. So be strategic. Focus on what you want to be as an organization and how security fits in there."
Heather Noggle shares some of her insights learned over her 25+ years of translating between English and Tech as an IT, cybersecurity, and people professional.
Heather combines her career across multiple discipliness including HR, full stack, full life cycle developer, executive, business owner, board member to bring a fresh and broad perspective to security awareness.
Are Humans Really The Weakest Link?
"When I say it is human error, you have to look at where the responsibility lies. Where does risk lie? At the board or the management - depending on the size of the company. Did they organize for that person to get the proper training? That's their job, right? They have to deal with the risk. They have to minimize it and put the controls in place. If they're not giving the people good training and just sticking them in front of the risk, well, there's your human error."
Mike Ouwerkerk, Cyber Security Awareness Training expert and Founder of Web Safe Staff, an IT Security Awareness Training service, shares his insights from years of providing companies with fun, in-person trainings and answers the burning question: are humans, indeed, the weakest link?
Security Awareness Training Is Not Enough
"We can't become complacent and just assign computer-based learning and videos to folks; to set them down with a PowerPoint presentation and expect humans to engage with that content and then retain that content and put it into practice."
Alethe Denis is a Senior Security Consultant at Bishop Fox and is well-known for winning the social engineering Capture the Flag at Def Con in 2019. She recently presented training to the United States Army Special Operations Command on social engineering and has presented numerous security awareness trainings to organizations across different industry verticals. She shares her insights on the gaps many security awareness programs have and how they can address them.
Evaluating Your Security Awareness Program
"Awareness is not the point. The point is behavior change... it's really important to recognize that awareness does not mean behavior change."
Security awareness encompasses a range of factors, including the social and psychological aspects of employees and their behaviors, that are not easily measurable. Security and Crime Psychologist Nadine Michaelides of Anima People shares the secrets to measuring the success of awareness campaigns that largely deal with human nature.