Firms with the most secure IT infrastructures and controls are still at risk if their employees fall prey to social engineering tactics. Our Automated Security Awareness program kick-starts a fully developed training course in only a few quick steps.

In an ideal cybersecurity world managed completely by artificial intelligence and machine-learning algorithms, would the system be able to stop every attack before it happens? Sure, but only in the movies, of course. As long as there are humans working with the various applications and systems, a security-impactful event will always occur at some point.

Corporations spend millions of dollars on cybersecurity adaptive controls such as email security, anti-spam blockers, and multi-factor authentication. Even with these controls in place, in many cases, what the actual users do at the endpoint may override the value of the controls. Spear phishing emails, LinkedIn requests, and Facebook postings – often, all of these can result in more increases in security breaches within the enterprise than brute force attacks or password spraying.

Through social engineering, hackers learn in time how to communicate directly with the employees within an organization. Truth be told, many hackers do not target the executives; most attacks are against the employees in various departments across the organization, such as human resources, the supply chain, finance, and sales. These employees typically communicate with the outside world more frequently than most. Moreover, these employees often use social media tools like LinkedIn, Facebook, and others to find prospective clients, potential employees to fill an open position, or, perhaps, a new supply chain partner. Hackers will use “automatous” to impersonate someone within a known company to gain access to their corporate passport by having the user click on links that capture credentials. The hacker will then use these stolen credentials to access your internal systems.

How can I stop a human from being human in the cybersecurity world?

Outside of programming humans not to be human, education has become the proven method to help turn regular employees into “cyber warriors” within the organization. Companies like Proofpoint (formerly WOMBAT) and other cybersecurity training firms have developed real-time training to help educate corporate users as to what to look out for from a possible hacker. The training modules examine how to correctly identify a “phishing” email. A part of the cyber-warrior transformation through education is learning how to dig into emails to correctly recognize an actual fraud request.

When leveraging EVEE Consulting to help develop a proper education awareness program, the training sessions have been known to improve ROI as to the various adaptive controls such as email security and PHISH attacks. Education helps reduce the time that SECOPS has to spend investigating security events caused by users clicking on the wrong link.