Ilan Abadi

Disarming Employee Weaponization

Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.

Employee awareness has become a critical necessity for modern organizational security. While the human factor has always presented an "inside threat" for companies, that threat is growing fast: the more social, hyperconnected, and fast-paced our culture becomes, the greater the risks employees bring into the organization's cyber environment.

Worse, no matter how robust today's cyber defense systems are, it seems that attackers always remain one step ahead. With vast data publicly available on any employee, "bad guys" easily gather and utilize personal information to target specific employee groups. These sophisticated tactics instantly expose employees' vulnerabilities and turn them into human weapons, which in some recent global cyberattacks have had a destructive impact on the entire organization.

Almost any sizable company today implements some sort of security awareness training program, from lectures and posters to computer-based training modules, videos, and articles. These tools offer mostly static, dated content designed to be passively consumed by employees. The lack of context and relevance to employees' daily routines breeds disengagement and creates friction between employees and the IT and HR teams who must constantly chase them to complete the training.

Adopting a Secure Cyber Lifestyle
There are better ways to engage employees and transform their behavior simply by leveraging the tremendous opportunity that modern reality offers. Due to multiple breaches in social networks, employees are gradually realizing just how vulnerable they are and how exposed and easy it is to breach their personal data. They also are starting to understand that they carry that risk home, to their family, home computers, and personal emails.

If we address employees' underlying concerns, we can recruit them to play an active role in the cyber awareness mission and build a secure cyber lifestyle that goes well beyond the organizational environment alone. But to be effective, we need to assume a hacker mindset and customize the training to specific employee clusters and individuals. When it comes to training, there is no one-size-fits-all approach, and the more we understand employees' cyber behavior, the better we can tailor the training program to them. Using innovative training solutions with advanced performance analytics allows us to test, analyze, and adapt the program itself to each employee and to where they are on the learning curve.

Smart Phishing Awareness
Phishing accounts for 90% of data breaches, and roughly 30% of phishing messages get opened by targeted users, according to Verizon's "2019 Data Breach Investigations Report." Training employees to identify phishing emails and avoid falling prey to attacks has become mandatory, and phishing simulations are the best way to train employees on real-life scenarios in their own inboxes. To plan and manage an effective phishing simulation campaign, first segment employee groups by department and role and select the right message for each group. C-level executives are a known high-value target group for attackers, so the C-suite will need additional, customized training.

Next, employees need to be clustered by their actual response to the phishing email — which conveys the risk level they present for the organization. The messages and training frequency need to adjust continuously, while employee progress and overall organizational resilience levels are being assessed, analyzed, and reported back. Only consistent, customized and adaptive training will transform employee behavior and build lasting organizational resilience to phishing attacks.
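As an added illustration of the clustering step just described (example code, not from the article): a small Python script that takes constructed phishing-simulation results, clusters each employee by their worst response, moves high-target roles such as executives up one tier, derives the next simulation interval from the tier, and reports per-department resilience. The severity scale, tier thresholds, and cadences are assumed values, not figures from the article.

```python
from collections import defaultdict

# Constructed sample results: (employee, department, role, campaign, outcome).
RESULTS = [
    ("alice", "finance", "exec",  1, "reported"),
    ("alice", "finance", "exec",  2, "clicked"),
    ("bob",   "finance", "staff", 1, "reported"),
    ("bob",   "finance", "staff", 2, "ignored"),
    ("carol", "eng",     "staff", 1, "clicked"),
    ("carol", "eng",     "staff", 2, "submitted_credentials"),
    ("dave",  "eng",     "staff", 1, "reported"),
    ("dave",  "eng",     "staff", 2, "reported"),
]

# Assumed ordinal severity of each simulated response.
SEVERITY = {"reported": 0, "ignored": 1, "clicked": 2, "submitted_credentials": 3}
TIERS = ["low", "medium", "high"]
# Assumed days until the next simulation for each risk tier.
CADENCE_DAYS = {"low": 90, "medium": 45, "high": 14}
HIGH_TARGET_ROLES = {"exec"}  # C-suite is a high-target group: one tier more scrutiny


def risk_tier(outcomes, role):
    """Worst response across campaigns sets the tier; high-target roles move up one tier."""
    worst = max(SEVERITY[o] for o in outcomes)
    idx = 0 if worst <= 1 else 1 if worst == 2 else 2
    if role in HIGH_TARGET_ROLES:
        idx = min(idx + 1, len(TIERS) - 1)
    return TIERS[idx]


def cluster_employees(results):
    """Return {employee: (tier, days_until_next_simulation)}."""
    outcomes, roles = defaultdict(list), {}
    for user, _dept, role, _campaign, outcome in results:
        outcomes[user].append(outcome)
        roles[user] = role
    clusters = {}
    for user, seen in outcomes.items():
        tier = risk_tier(seen, roles[user])
        clusters[user] = (tier, CADENCE_DAYS[tier])
    return clusters


def department_resilience(results):
    """Per-department report rate (higher is better) and click rate (clicked or worse)."""
    counts = defaultdict(lambda: {"n": 0, "reported": 0, "clicked": 0})
    for _user, dept, _role, _campaign, outcome in results:
        c = counts[dept]
        c["n"] += 1
        c["reported"] += int(outcome == "reported")
        c["clicked"] += int(SEVERITY[outcome] >= SEVERITY["clicked"])
    return {d: {"report_rate": c["reported"] / c["n"], "click_rate": c["clicked"] / c["n"]}
            for d, c in counts.items()}
```

Feeding each campaign's results back through `cluster_employees` shortens or lengthens an individual's cadence as their responses change, which is the continuous adjustment the section calls for.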

Educational Apps
Social networks and mobile apps have become another strong attack vector taking advantage of employees' false sense of security. Organizations must understand how employees interact with apps across different platforms and cultures, and then use the same tools and behavior patterns to build interactive training experiences. Interactive mobile games utilizing virtual reality, for example, can simulate a cyberattack on a social network and train employees for a safer behavior on these social platforms. These training apps should be accessible to employees via their personal mobile devices, just like social apps are present in every aspect of their social and professional lives.

Virtual Reality
Virtual reality can also be used to train specific or sensitive employee groups. These 3D-enabled scenarios leverage the gaming element to convey a strong learning experience. Splitting employees into groups, such as a red team versus a blue team, creates a multisensory learning opportunity that leaves a strong mark on employees' awareness and changes their behavior in the long term.

These are just a few examples of commercially available advanced training methods that can empower employees with the knowledge and tools needed to adopt a cyber-secure lifestyle. Employee awareness is an essential tool in our cyber ecosystem. Only smart, engaging training programs that consider employees' weaknesses and tailor the training to their professional profile, culture, and learning rhythm will convert employees from an organizational threat into a robust defensive workforce.


Ilan Abadi joined Teva Pharmaceutical Industries in May 2012 as Global CISO. In his current role, Ilan is in charge of establishing cybersecurity strategy and structure and managing ongoing cyber activities, including current and future security threats. Among his ...
7/8/2019 | 9:49:55 AM
Great Phishing policy
One firm sent out self-phish emails to all employees, and those who clicked on a link were redirected internally to a YOU NEED EDUCATION message and enrollment into a class on the subject. Brilliant!