Your business could have world-class firewalls, anti-virus software, and other cyber security programs installed on your network, but that’s still not enough to prevent data breaches, cyber attacks, and internal threats. According to a 2016 Ponemon Institute study, 55 percent of small businesses said they’ve experienced a cyber attack in the past 12 months. In addition, 50 percent said they’ve fallen victims to a data breach within the last year.
— https://blog.dashlane.com/cybersecurity-awareness-training-for-employees/
 

Security Awareness Training starts with the organization's acknowledgement that its employees are the weakest cybersecurity link. Conversely, they're also the first line of defense against cyber attacks. Security Awareness Training gives every employee a fundamental understanding that cyber threats are imminent and ongoing, and prepares them for common cyber attacks and threats.

Security Awareness Training generally consists of repetitive training and ongoing, sometimes random, testing in the following areas of exploitation. The most prevalent IT security threats (and thus the most up-to-date cybersecurity training) include:

  • Spam. Not limited to direct email, spam is now one of the main methods of attack via social media. When someone "invites" you to connect on LinkedIn, for example, that invitation may arrive in your email, but its effectiveness is directly related to your trust of various social media sites. Cyber criminals can even embed password-stealing malware in a simple LinkedIn invitation.

  • Phishing. Phishing is a common practice whereby hackers go after a broad target of users with emails that look genuine, but are actually intended to lead the uneducated user to click on dangerous links — possibly divulging usernames, passwords, personally identifiable information, even financial information. Phishing is akin to throwing out a wide net full of bait and pulling in whatever you catch.

  • Spear phishing. While phishing schemes cast a wide net, spear phishing takes a highly targeted approach to attacking specific individuals. The most infamous spear phishing attack in recent history was on John Podesta, then-chairman of the Hillary Clinton presidential campaign. Spear phishing attacks target high-profile individuals or people with access to valuable digital assets. The email is usually handcrafted and uses all available information to read exactly like an actual email from a friend or colleague.

  • Malware. Short for "malicious software", malware refers to any type of software designed to cause harm to a device, such as viruses, rootkits, spyware, worms and Trojan horses. Advanced malware has a specific target and mission, typically aimed at an organization or enterprise. In 2017, the malware program known as WannaCry spread throughout the world, crippling hundreds of organizations.

  • Ransomware. Similar to malware, ransomware is used by attackers to extort money (or possibly other resources) from the target organization. In June 2017, NotPetya infected accounting software prevalent in Ukraine. It encrypts files on the drive, requests $300 in bitcoin, attempts to steal credentials from memory, and attempts to propagate through the network using stolen credentials or exploits.

  • Social engineering. This practice is simpler than it sounds. If you've seen the movie Catch Me If You Can, you've witnessed one highly effective example of social engineering. Tripwire assessed the most prevalent types of social-engineering attacks in 2015. At its core, social engineering occurs when one person fools another into giving up access to a resource. Social engineers use a variety of tools and resources to gain access to targeted resources, but the one-on-one direct attack remains the same.

RMCyberEthic can assist in providing this training so that your employees are not exploited. According to the Secureworks 2018 Incident Response Insights Report, “42% of attackers gain entry from successful phishing scams, reinforcing the need for ongoing employee education.” Contact us if you would like additional information regarding this service.