Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

Security Awareness and Training

2017 Beyond the Phish Report Reveals End-User Strengths, Weaknesses

Posted by Gretel Egan on Sep 21, 2017 10:07:41 AM

Infosec professionals who are seeking industry- and category-specific data points that illustrate business implications and highlight knowledge deficiencies in end-user cybersecurity knowledge, take note: our 2017 Beyond the Phish Report™ is now available for download.

Read More »

RBS Security Awareness Manager Shares Lessons Learned at Wombat Wisdom

Posted by Gretel Egan on Sep 19, 2017 11:57:44 AM

At our third annual Wombat Wisdom Conference last week in Pittsburgh, PA, attendees had the opportunity to hear from keynote speaker Lesley Marjoribanks, Security Awareness Manager at the Royal Bank of Scotland. She shared some valuable lessons learned in the planning and rollout of the security awareness training initiatives delivered to RBS end users. In the event that you were unable to join us, here are some of the pieces of advice she had to offer:

Read More »

Carrot vs. Stick: Determining the Best Path for Your Program

Posted by Gretel Egan on Sep 6, 2017 1:24:06 PM

We know it and you know it: Dealing with end-user mistakes is costly. From employee downtime, to remediation costs, to the potential spread of malware or ransomware, to IP and confidential data walking out the door, there are real dollars tied to cybersecurity errors. Employees who make those mistakes genuinely impact your business’s bottom line. And if they do it more than once...well, that just compounds the problem.

Read More »

Security Awareness Training: Why ‘Us vs Them’ Is a Lose-Lose Situation

Posted by Gretel Egan on Aug 24, 2017 3:39:31 PM

Good idea: Applying gamification techniques to your security awareness training program. This type of lighthearted, healthy competition between departments can help engage participants and leave employees feeling empowered and rewarded.

Bad idea:  Approaching your security awareness training program with a ‘you vs. the end users’ mentality. This mindset can breed resentment and distrust — on both sides — and undermine your efforts to build a more secure culture.

Read More »

Scrap Learning: Why All Security Awareness Training is Not Equally Effective

Posted by Kym Harper on Aug 16, 2017 9:54:47 AM

While end-user training for secure behaviors has experienced an uptick in interest and legitimacy versus technical-only solutions among CISOs in recent years, not all security awareness training is created equal.

Read More »