blog-logo.png

A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

2017 Beyond the Phish Report Reveals End-User Strengths, Weaknesses

Written by Gretel Egan

Infosec professionals who are seeking industry- and category-specific data points that illustrate business implications and highlight knowledge deficiencies in end-user cybersecurity knowledge, take note: our 2017 Beyond the Phish Report™ is now available for download.

Read More

Blog Topics

2017 Beyond the Phish Report Reveals End-User Strengths, Weaknesses

Infosec professionals who are seeking industry- and category-specific data points that illustrate business implications and highlight knowledge deficiencies in end-user cybersecurity knowledge, take note: our 2017 Beyond the Phish Report™ is now available for download.

Read More

The Latest in Phishing: September 2017

We bring you the latest in phishing statistics and attacks from the wild.

Read More

WannaCry, NotPetya, and the Evolution of Ransomware

In the past few months, we’ve seen what will likely mark a pivot point in the evolution of ransomware and how it’s being deployed.

Read More

Social Media Hauntings: Students and Job Seekers Beware

When I was a kid, there was a lot of collective fear among my fellow students at the idea of infractions going on a “permanent record.” This nebulous threat from parents, teachers, and administrators had many of us thinking — and fretting — about the types of behaviors and activities that could potentially be tied to us for eternity. (We were easily fooled. What can I say?)

Back in the olden days (i.e., the pre-internet years), we worried about the ramifications of an essentially baseless behavior log that we never actually saw with our own eyes. Interestingly, today’s most frightening form of a permanent record is the one that kids and adults alike are creating for themselves on social media. Unfortunately, bad decisions shared on these forums can haunt users for years to come.

Read More

WannaCry, NotPetya, and the Evolution of Ransomware

In the past few months, we’ve seen what will likely mark a pivot point in the evolution of ransomware and how it’s being deployed.

Read More

Phishing, Social Engineering Are Top Concerns for Black Hat Attendees

Black Hat USA 2017 kicks off in Las Vegas on July 22, and this show attracts some of the savviest information security professionals in the world. Earlier this month, Black Hat organizers released the results of its third annual attendee survey in its Portrait of an Imminent Cybersecurity Threat report. Below, we highlight some of the key findings in this year's report and compare the results to those revealed by the 2016 survey. 

Read More

RBS Security Awareness Manager Shares Lessons Learned at Wombat Wisdom

At our third annual Wombat Wisdom Conference last week in Pittsburgh, PA, attendees had the opportunity to hear from keynote speaker Lesley Marjoribanks, Security Awareness Manager at the Royal Bank of Scotland. She shared some valuable lessons learned in the planning and rollout of the security awareness training initiatives delivered to RBS end users. In the event that you were unable to join us, here are some of the pieces of advice she had to offer:

Read More

Carrot vs. Stick: Determining the Best Path for Your Program

We know it and you know it: Dealing with end-user mistakes is costly. From employee downtime, to remediation costs, to the potential spread of malware or ransomware, to IP and confidential data walking out the door, there are real dollars tied to cybersecurity errors. Employees who make those mistakes genuinely impact your business’s bottom line. And if they do it more than once...well, that just compounds the problem.

Read More

Social Media Hauntings: Students and Job Seekers Beware

When I was a kid, there was a lot of collective fear among my fellow students at the idea of infractions going on a “permanent record.” This nebulous threat from parents, teachers, and administrators had many of us thinking — and fretting — about the types of behaviors and activities that could potentially be tied to us for eternity. (We were easily fooled. What can I say?)

Back in the olden days (i.e., the pre-internet years), we worried about the ramifications of an essentially baseless behavior log that we never actually saw with our own eyes. Interestingly, today’s most frightening form of a permanent record is the one that kids and adults alike are creating for themselves on social media. Unfortunately, bad decisions shared on these forums can haunt users for years to come.

Read More

Update: Advanced Anti-Phishing Training Series, Platform Enhancements

We are excited to announce a new series of product updates that are designed to help our customers deliver advanced, effective security awareness training programs that will help their end users recognize and avoid cyberattacks. These enhancements to our Security Education Platform include a new anti-phishing training series and localized translations, advanced reporting features, updates to our PhishAlarm® product, and a new user interface.

Read More

New Anti-Phishing Training Series Provides Targeted End-User Education

We are excited to annouce the release of our new Securing Your Email – Fundamental anti-phishing training series. This latest addition to our library of more than 25 security awareness training modules targets fundamental cybersecurity best practices surrounding three key phishing threat vectors: malicious links, infected attachments, and requests for login credentials and other sensitive information.

The Securing Your Email – Fundamental series expands our already industry-leading anti-phishing employee training portfolio, and has been added as a featured option within our Anti-Phishing Training Suite. To enable targeted and timely security education, ThreatSim® customers can automatically auto-enroll employees in follow-up training assignments that match the type of phishing test sent to the end user (link-based, attachment-based, or data entry-based). As with the rest of our interactive training portfolio, this series directly addresses problematic behaviors to assist with end-user risk management.

Read More

Short on Security Awareness Training Staff? Try Our Managed Services.

Even with healthy security budgets, infosec teams can find themselves short on resources. Countless studies and articles have noted that good IT talent is hard to find, which means that security teams are still having to do more with less. And even those organizations that are not experiencing a personnel crunch could still be feeling the pinch on the cybersecurity education side. After all, staff members who are highly skilled at managing technical resources often lack the experience and expertise — and interest — needed to develop and execute an effective employee security awareness training program.

If you are lacking resources or expertise, don’t kick the can down the road, and don’t settle for a marginal program that is unlikely to give you any return (on even a minimal investment). Instead, use our Managed Services for security awareness training to help you deliver a program that provides measurable results.

Read More
icon-book.png

Try Our Interactive Security Awareness Training Modules

Our 25+ interactive training modules in topics like Email Security, URL Training, Mobile App Security, and more are proven to change the behavior of end users and reduce risk.

Try Our Modules