A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

Risk Management

Security Awareness Training: Why ‘Us vs Them’ Is a Lose-Lose Situation

Posted by Gretel Egan on Aug 24, 2017 3:39:31 PM

Good idea: Applying gamification techniques to your security awareness training program. This type of lighthearted, healthy competition between departments can help engage participants and leave employees feeling empowered and rewarded.

Bad idea: Approaching your security awareness training program with a ‘you vs. the end users’ mentality. This mindset can breed resentment and distrust — on both sides — and undermine your efforts to build a more secure culture.

Black Hat 2017 Takeaways: Treating the Root of End-User Risk

Posted by Kurt Wescoe on Aug 1, 2017 9:49:12 AM

Last week, I got to spend time with many other members of the security community at Black Hat USA 2017. Despite being in the infosec space for the past ten years, this was my first time attending the event, and I was impressed with the breadth of topics covered. None too surprising, I found a lot of interesting talks in the “Human Factors” track, but it was refreshing to see how broadly this community is looking at security.

Business Email Compromise: Prevent Wire Transfer Fraud & W-2 Phishing

Posted by Gretel Egan on Jul 27, 2017 8:26:00 AM

Though business email compromise (BEC) phishing attacks continue to plague organizations worldwide, many end users still don't fully appreciate the danger. Employees are not aware of how sophisticated these targeted social engineering attacks can be, the very real threat they pose to their personal reputations, and the impact they can have on their organizations. 

Rethinking Patch Management Strategies to Balance Security and Uptime

Posted by Kurt Wescoe on Jun 21, 2017 12:42:04 PM

Recently I was part of a panel discussion on combatting ransomware at the SecureWorld Atlanta event. An interesting conversation developed around the old stalwart of patching computers and systems. A solid patching process is one of the most elementary parts of an organization’s security program — or at least it should be.

User Risk Report Shows Marked Lack of Security Awareness Among Workers

Posted by Gretel Egan on Jun 15, 2017 1:40:36 PM

Earlier this week, we released our 2017 User Risk Report, which features the results of a survey of more than 2,000 working adults — 1,000 in the US and 1,000 in the UK — who were asked about cybersecurity topics and best practices that are fundamental to data and network security. What we found out about the personal habits of these individuals was sometimes heartening, occasionally perplexing, and frequently terrifying — but always enlightening.

An interesting note before you dive into the highlights below: Our survey concluded less than 24 hours before the first reports of the global WannaCry ransomware attack began to spread. As such, the responses of the participants were not influenced by the increased media exposure that resulted from WannaCry.
