Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

Research and Analysis

New APWG Report Shows Need for Strategic Phishing Awareness Training

Posted by Aaron Jentzen on Nov 7, 2017 1:22:33 PM

The volume of phishing attacks rose in the first half of 2017 and more brands are being targeted than in 2016, according to a new report by the Anti-Phishing Working Group (APWG). As these attacks become more strategic and sophisticated in nature, your organization’s phishing awareness training should follow suit.

Read More »

Wombat Security Named a Leader for Fourth Consecutive Year

Posted by Aaron Jentzen on Oct 31, 2017 12:37:04 PM

For the fourth year in a row, IT research and advisory firm Gartner, Inc. has recognized Wombat Security as a Leader in the Magic Quadrant for Security Awareness Computer-Based Training (CBT).* Our strong position this year reflects our Ability to Execute and Completeness of Vision — the latter of which Wombat was ranked highest.

Read More »

Scary Data Breach Statistics of 2017

Posted by Gretel Egan on Oct 27, 2017 12:20:04 PM

On October 25, the Identity Theft Resource Center (ITRC) published its latest compilation of confirmed data breach notifications affecting US organizations and customers so far this year.* The headline numbers — 1,120 total breaches and more than 171 million records exposed — are frightening in their own right, especially considering that in all of 2016, the ITRC reported 1,039 total breaches and just over 36.6 million records exposed. But what really stood out to us in this latest look at the report wasn’t the numbers that are known, but the numbers that remain unknown.

Read More »

Is Conventional Wisdom Weakening Your Passwords?

Posted by Aaron Jentzen on Oct 13, 2017 11:25:20 AM

You’re setting up a new online account and need to create a new password, so you think of a word you can remember, capitalize the first letter, add some digits and end with an exclamation point. The password is 12 characters long, and includes numerals, symbols, and upper- and lowercase letters. It’s probably a strong password, right?

New research suggests that some steps people use to strengthen passwords actually make them more vulnerable to attackers, and that its time to rethink the standard advice about passwords and consider new approaches to security awareness training.

With that in mind, we explore the crossroads of science and password policies, usability and security education, and share three tips for creating stronger passwords.

Read More »

2017 Beyond the Phish Report Reveals End-User Strengths, Weaknesses

Posted by Gretel Egan on Sep 21, 2017 10:07:41 AM

Infosec professionals who are seeking industry- and category-specific data points that illustrate business implications and highlight knowledge deficiencies in end-user cybersecurity knowledge, take note: our 2017 Beyond the Phish Report™ is now available for download.

Read More »