A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

New Anti-Phishing Training Series Provides Targeted End-User Education

Written by Gretel Egan

We are excited to announce the release of our new Securing Your Email – Fundamental anti-phishing training series. This latest addition to our library of more than 25 security awareness training modules targets fundamental cybersecurity best practices surrounding three key phishing threat vectors: malicious links, infected attachments, and requests for login credentials and other sensitive information.

The Securing Your Email – Fundamental series expands our already industry-leading anti-phishing employee training portfolio, and has been added as a featured option within our Anti-Phishing Training Suite. To enable targeted and timely security education, ThreatSim® customers can automatically enroll employees in follow-up training assignments that match the type of phishing test sent to the end user (link-based, attachment-based, or data entry-based). As with the rest of our interactive training portfolio, this series directly addresses problematic behaviors to assist with end-user risk management.

Phishing, Social Engineering Are Top Concerns for Black Hat Attendees

Black Hat USA 2017 kicks off in Las Vegas on July 22, and this show attracts some of the savviest information security professionals in the world. Earlier this month, Black Hat organizers released the results of their third annual attendee survey in their Portrait of an Imminent Cybersecurity Threat report. Below, we highlight some of the key findings in this year's report and compare the results to those revealed by the 2016 survey.

Ransomware Roundup: July 2017

We bring you the latest in ransomware statistics and attacks from the wild.

User Risk Report Shows Marked Lack of Security Awareness Among Workers

Earlier this week, we released our 2017 User Risk Report, which features the results of a survey of more than 2,000 working adults — 1,000 in the US and 1,000 in the UK — who were asked about cybersecurity topics and best practices that are fundamental to data and network security. What we found out about the personal habits of these individuals was sometimes heartening, occasionally perplexing, and frequently terrifying — but always enlightening.

An interesting note before you dive into the highlights below: Our survey concluded less than 24 hours before the first reports of the global WannaCry ransomware attack began to spread. As such, the responses of the participants were not influenced by the increased media exposure that resulted from WannaCry.

Five Tips from CISOs for Managing Emerging Cybersecurity Threats

I recently had the opportunity to visit SecureWorld Atlanta 2017, where I met a number of industry experts and attended several sessions. One of those sessions was a panel discussion titled “Hazards on the Horizon – Emerging Threats.” The panel of CISOs both discussed the current cyber threat landscape and offered advice for keeping networks and systems as secure as possible during this era of frequent cyberattacks. Each of the five panelists was asked to provide their one key piece of advice. Here’s what they said:

Short on Security Awareness Training Staff? Try Our Managed Services.

Even with healthy security budgets, infosec teams can find themselves short on resources. Countless studies and articles have noted that good IT talent is hard to find, which means that security teams are still having to do more with less. And even those organizations that are not experiencing a personnel crunch could still be feeling the pinch on the cybersecurity education side. After all, staff members who are highly skilled at managing technical resources often lack the experience and expertise — and interest — needed to develop and execute an effective employee security awareness training program.

If you are lacking resources or expertise, don’t kick the can down the road, and don’t settle for a marginal program that is unlikely to give you any return (on even a minimal investment). Instead, use our Managed Services for security awareness training to help you deliver a program that provides measurable results.

Anti-Phishing Training: Why ‘Set It and Forget It’ Is a Mistake

Even though cybersecurity budgets are healthier now than they have been in past years, security talent is in short supply, which means infosec training teams are still facing the crunch of doing more with less. As such, the lure of automation is strong. If you find yourself tempted by the idea of a “set it and forget it” security awareness training program, we caution you to consider the negative side effects of a hands-off approach.

Rethinking Patch Management Strategies to Balance Security and Uptime

Recently I was part of a panel discussion on combatting ransomware at the SecureWorld Atlanta event. An interesting conversation developed around the old stalwart of patching computers and systems. A solid patching process is one of the most elementary parts of an organization’s security program — or at least it should be.

Register for the Wombat Wisdom Security Awareness Training Conference

Join us in our hometown of Pittsburgh, PA on September 13 and 14 for the third annual Wombat Wisdom Conference. This event brings together some of the brightest minds in security to share ideas and actionable concepts around the continuous improvement of security awareness and training programs.

This year’s conference is again open to Wombat customers and non-customers alike. Last year, our audience of more than 150 security awareness practitioners gave our content high marks, and they requested even more opportunities to hear from one another. As such, we’ve fine-tuned our agenda this year; attendees will have access to additional peer presentations and networking time, as well as sessions that offer insights from the Wombat team and industry experts. 
