
Ilan Abadi
Disarming Employee Weaponization

Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.

Employee awareness has become a critical necessity for modern organizational security. While the human factor has always presented an "inside threat" for companies, that threat is growing fast: the more social, hyperconnected, and fast-paced our culture becomes, the greater the risks employees bring into the organization's cyber environment.

Worse, no matter how robust today's cyber defense systems are, attackers always seem to remain one step ahead. With vast amounts of data publicly available on any employee, "bad guys" easily gather and use personal information to target specific employee groups. These sophisticated tactics expose employees' vulnerabilities and turn them into human weapons, which in some recent global cyberattacks have had a destructive impact on entire organizations.

Almost any sizable company today implements some sort of security awareness training program, from lectures and posters to computer-based training modules, videos, and articles. These tools offer mostly static, dated content designed to be consumed passively by employees. The lack of context and relevance to employees' daily routines yields disengagement and creates friction between employees and the IT and HR teams who constantly chase them to complete the training.

Adopting a Secure Cyber Lifestyle
There are better ways to engage employees and transform their behavior, simply by leveraging the tremendous opportunity that modern reality offers. Because of repeated breaches of social networks, employees are gradually realizing just how vulnerable they are and how easily their personal data can be exposed. They are also starting to understand that they carry that risk home, to their family, home computers, and personal email.

If we address employees' underlying concerns, we can recruit them to play an active role in the cyber awareness mission and build a secure cyber lifestyle that goes well beyond the organizational environment alone. But to be effective, we need to assume a hacker mindset and customize the training to specific employee clusters and individuals. When it comes to training, there is no "one-size-fits-all": the better we understand employees' cyber behavior, the better we can tailor the training program to them. Innovative training solutions with advanced performance analytics allow us to test, analyze, and adapt the program itself to each employee and to where they are on the learning curve.

Smart Phishing Awareness
Phishing accounts for 90% of data breaches, and roughly 30% of phishing messages get opened by targeted users, according to Verizon's "2019 Data Breach Investigations Report." Training employees to identify phishing emails and avoid falling prey to attacks has become mandatory, and phishing simulations are the best way to train employees on "real-life" scenarios in their own inbox. To plan and manage an effective phishing simulation campaign, you first need to segment employee groups by department and role and select the right message for each group. C-level executives are known to be a high-value target group for attackers, so the C-suite will need to receive additional, customized training.

Next, employees need to be clustered by their actual response to the phishing email, which conveys the level of risk they present to the organization. The messages and training frequency need to be adjusted continuously, while employee progress and overall organizational resilience are assessed, analyzed, and reported back. Only consistent, customized, and adaptive training will transform employee behavior and build lasting organizational resilience to phishing attacks.
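The two paragraphs above describe one procedure: segment employees by department and role, pick a message per segment, cluster employees by how they responded, then adapt training frequency and report resilience per segment. The following is an added example of how that tracking and adaptation logic can be expressed in code; it is not from the article or from any vendor product, and the outcome weights, risk thresholds, training intervals, template names and sample employees are all constructed assumptions for illustration.

```python
"""Adaptive phishing-simulation tracker (added example; not from the article).

Records each employee's response to a simulated phishing message, derives a
risk tier from recent responses, maps that tier to a training interval, and
reports click/report rates per employee segment. All weights, thresholds and
sample data below are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    """How an employee responded to a simulated phishing message."""
    REPORTED = "reported"            # forwarded to security: desired behaviour
    IGNORED = "ignored"              # neither clicked nor reported
    CLICKED = "clicked"              # followed the link
    SUBMITTED = "submitted_credentials"  # entered credentials on the landing page


# Assumed weights: worse outcomes raise the risk score, reporting lowers it.
OUTCOME_WEIGHT = {
    Outcome.REPORTED: -1,
    Outcome.IGNORED: 0,
    Outcome.CLICKED: 2,
    Outcome.SUBMITTED: 4,
}

# Assumed message templates per segment (the C-suite gets its own segment).
TEMPLATES = {
    "c-suite": "wire-transfer approval",
    "finance": "invoice payment",
    "engineering": "shared-repo invite",
    "default": "password-expiry notice",
}

# Assumed days until the next simulation/training touchpoint per risk tier.
TRAINING_INTERVAL_DAYS = {"high": 14, "medium": 30, "low": 90}


@dataclass
class Employee:
    name: str
    department: str
    role: str
    history: list = field(default_factory=list)  # Outcomes, oldest first


def segment_key(emp: Employee) -> str:
    """Executives are segmented separately regardless of department."""
    return "c-suite" if emp.role == "executive" else emp.department


def pick_template(emp: Employee) -> str:
    """Select the simulation message appropriate for the employee's segment."""
    return TEMPLATES.get(segment_key(emp), TEMPLATES["default"])


def risk_score(emp: Employee, window: int = 4) -> int:
    """Sum outcome weights over the most recent `window` simulations."""
    return sum(OUTCOME_WEIGHT[o] for o in emp.history[-window:])


def risk_tier(emp: Employee) -> str:
    """Cluster an employee by recent behaviour (thresholds are assumptions)."""
    score = risk_score(emp)
    if score >= 4:
        return "high"
    if score >= 1:
        return "medium"
    return "low"


def next_interval_days(emp: Employee) -> int:
    """Adapt training frequency to the employee's current risk tier."""
    return TRAINING_INTERVAL_DAYS[risk_tier(emp)]


def record(emp: Employee, outcome: Outcome) -> bool:
    """Store a response; return True when just-in-time training should fire."""
    emp.history.append(outcome)
    return outcome in (Outcome.CLICKED, Outcome.SUBMITTED)


def campaign_report(employees: list) -> dict:
    """Per-segment click and report rates for the latest campaign."""
    totals = defaultdict(lambda: {"sent": 0, "clicked": 0, "reported": 0})
    for emp in employees:
        if not emp.history:
            continue
        last = emp.history[-1]
        seg = totals[segment_key(emp)]
        seg["sent"] += 1
        seg["clicked"] += last in (Outcome.CLICKED, Outcome.SUBMITTED)
        seg["reported"] += last is Outcome.REPORTED
    return {
        name: {
            "click_rate": round(v["clicked"] / v["sent"], 2),
            "report_rate": round(v["reported"] / v["sent"], 2),
        }
        for name, v in totals.items()
    }


def build_sample() -> list:
    """Constructed sample employees with fictitious response histories."""
    return [
        Employee("alice", "finance", "analyst", [Outcome.CLICKED, Outcome.CLICKED]),
        Employee("bob", "finance", "analyst", [Outcome.REPORTED, Outcome.REPORTED]),
        Employee("carol", "engineering", "executive", [Outcome.IGNORED, Outcome.CLICKED]),
        Employee("dave", "engineering", "developer", [Outcome.IGNORED]),
    ]


if __name__ == "__main__":
    staff = build_sample()
    for emp in staff:
        print(emp.name, segment_key(emp), pick_template(emp),
              risk_tier(emp), f"{next_interval_days(emp)}d")
    print(campaign_report(staff))
```

The report is keyed by segment rather than by individual so that resilience can be compared across departments and over successive campaigns; the per-employee tier is what drives the frequency of the next touchpoint.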

Educational Apps
Social networks and mobile apps have become another strong attack vector, taking advantage of employees' false sense of security. Organizations must understand how employees interact with apps across different platforms and cultures, and then use the same tools and behavior patterns to build interactive training experiences. Interactive mobile games using virtual reality, for example, can simulate a cyberattack on a social network and train employees in safer behavior on these platforms. These training apps should be accessible to employees on their personal mobile devices, just as social apps are present in every aspect of their social and professional lives.

Virtual Reality
Virtual reality can also be used to train specific or sensitive employee groups. These 3D-enabled scenarios leverage the gaming element to convey a strong learning experience. Splitting employees into groups such as a red team versus a blue team can create a multisensory learning opportunity that leaves a strong mark on employees' awareness and changes their behavior in the long term.

These are just a few examples of commercially available advanced training methods that can empower employees with the knowledge and tools needed to adopt a cyber-secure lifestyle. Employee awareness is an essential tool in our cyber ecosystem. Only smart, engaging training programs that consider employees' weaknesses and tailor the training to their professional profile, culture, and learning rhythm will convert employees from an organizational threat into a robust defensive workforce.


Ilan Abadi joined Teva Pharmaceutical Industries in May 2012 as Global CISO. In his current role, Ilan is in charge of establishing cybersecurity strategy and structure and managing ongoing cyber activities, including current and future security threats. Among his ...

7/8/2019 | 9:49:55 AM
Great Phishing policy
One firm sent out self-phish emails to all employees and those who clicked on a link were re-directed internally to a YOU NEED EDUCATION message and enrollment into a class on the subject. Brilliant!