Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Ilan Abadi
Ilan Abadi
Connect Directly
E-Mail vvv

Disarming Employee Weaponization

Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.

Employee awareness has become a critical necessity for modern organizational security. While the human factor has always presented an "inside threat" for companies, it’s fast-growing: The more social, hyperconnected, fast-paced our culture becomes, the greater are the risks employees bring into the organizational cybernetic space.

Worse, no matter how robust today's cyber defense systems are, it seems that attackers always remain one step ahead. With vast data publicly available on any employee, "bad guys" easily gather and utilize personal information to target specific employee groups. These sophisticated tactics instantly expose employees' vulnerabilities and turn them into human weapons, which in some recent global cyberattacks have had a destructive impact on the entire organization.

Almost any sizable company today implements some sort of security awareness training program from lectures and posters to computer-based training modules, videos, and articles. These tools offer mostly static, dated content, designed to be passively consumed by employees. Lack of context and relevance to employees' daily routine yields disengagement and creates high friction between employees and IT and HR teams, who are constantly chasing employees to enforce the training.

Adopting a Secure Cyber Lifestyle
There are better ways to engage employees and transform their behavior simply by leveraging the tremendous opportunity that modern reality offers. Due to multiple breaches in social networks, employees are gradually realizing just how vulnerable they are and how exposed and easy it is to breach their personal data. They also are starting to understand that they carry that risk home, to their family, home computers, and personal emails.

If we address employees' underlying concerns, we can recruit them to play an active role in the cyber awareness mission and build a secure cyber lifestyle that goes well beyond the organizational environment alone. But to be effective, we need to assume a hacker mindset and customize the training to specific employee clusters and individuals. When it comes to training, there’s no "one-size-fits-all" and the more we understand employees' cyber behavior, the better we can tailor the training program to them. Utilizing innovative training solutions with advanced performance analytics, allows us to test, analyze, and adapt the program itself to each employee and where they are in the learning curve.

Smart Phishing Awareness
Phishing accounts for 90% of data breaches, and roughly 30% of phishing messages get opened by targeted users, according to Verizon's "2019 Data Breaches Investigation" report. Training employees to identify phishing email and avoid falling prey to attacks has become mandatory, and phishing simulations are the best way to train employees on "real-life" scenarios in their own inbox. To plan and manage an effective phishing simulation campaign, you first need to segment employee groups by their department and role and select the right message for each group. C-level executives are known to be a high-target group for attackers, so the C-suite will need to receive additional, customized training.

Next, employees need to be clustered by their actual response to the phishing email — which conveys the risk level they present for the organization. The messages and training frequency need to adjust continuously, while employee progress and overall organizational resilience levels are being assessed, analyzed, and reported back. Only consistent, customized and adaptive training will transform employee behavior and build lasting organizational resilience to phishing attacks.

Educational Apps
Social networks and mobile apps have become another strong attack vector taking advantage of employees' false sense of security. Organizations must understand how employees interact with apps across different platforms and cultures, and then use the same tools and behavior patterns to build interactive training experiences. Interactive mobile games utilizing virtual reality, for example, can simulate a cyberattack on a social network and train employees for a safer behavior on these social platforms. These training apps should be accessible to employees via their personal mobile devices, just like social apps are present in every aspect of their social and professional lives.

Virtual Reality
Virtual reality can also be used to train specific or sensitive employee groups. These 3D enabled scenarios leverage the gaming element to convey a strong learning experience. Splitting employee to groups such as a red team versus blue team can create a multisensory learning opportunity that will leave a strong mark on employees' awareness and change their behavior in the long term.

These are just a few examples of commercially available advanced training methods that can empower employees with the knowledge and tools needed to adopt a cyber secure lifestyle. Employee awareness is an essential tool in our cyber ecosystem. Only smart, engaging training programs that considers employees' weaknesses and tailor the training to their professional profile, culture, and learning rhythm will convert employees from an organizational threat to a robust defensive workforce.


Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Ilan Abadi joined Teva Pharmaceutical Industries in May 2012 as Global CISO. In his current role, Ilan is in charge of establishing cybersecurity strategy and structure and managing ongoing cyber activities, including current and future security threats. Among his ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
7/8/2019 | 9:49:55 AM
Great Phishing policy
One firm sent out self-phish emails to all employees and those who clicked on a link were re-directed internally to a YOU NEED EDUCATION message and enrollment into a class on the subject.   Brilliant!
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are...
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versio...
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from...
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...