We think like bad guys so you don’t have to.
As experienced IT security professionals, we recognized that the defensive, reactive thinking dominating old-school information security wasn’t going to cut it when it came to combatting phishing attacks.
What bothered us was the dominant belief that you couldn’t do much about data compromise at the point of attack, the user. People got comfortable with the idea that “users will just click, these things happen”, that it’s best to think about preparation for the inevitable rather than prevention of the avoidable. Not us. We can do better.
The attacker is human. The user is human.
This is the crux of why traditional training doesn’t work. It factors out the in-the-moment behavior every user can have when scrolling through their in-box. Often, it isn’t even intentional; we open an email and click a link out of habit.
But it’s that ingrained impulse that also constitutes the most teachable moment to launch training.
That’s when users recognize that they’ve been compromised. That’s when they reprogram their own behavior. They become the “smart skeptics” an organization needs to stay ahead of the unexpected deceptions that define phishing attacks.
Educating users is critical and an integral weapon in the war against spear phishing. If traditional information security is putting out fires, SpearTraining with ThreatSim means teaching your people not to play with matches.
