TL;DR
Vansec’s multi-message spear phishing simulation (expanded thread here)
Vansec’s chat-based security awareness training (personalized to each employee’s simulation) (expanded conversation here)
Security awareness training on a cybersecurity topic (expanded conversation here)
Spear phishing is an advanced form of phishing, where the bad actor engages the victim in a very personalized & targeted manner, usually involving prior research on the victim (e.g. via LinkedIn) as well as various social engineering techniques to try to trick the victim.
It’s common knowledge that phishing is by far the most common way in which cyber attacks occur (over 90%, as of 2020), and 66% of phishing victims are victims of spear phishing attacks (as of 2023). With proliferation of generative AI and everyone being on LinkedIn, the phishing techniques that bad actors are using are growing both in sophistication and scale.
The world of phishing simulation is dominated by legacy players like KnowBe4, and while their product is the standard of the industry, the product itself is very one-dimensional.
Problem 1. Existing phishing simulations are too basic, where you send out one templated email and that’s it.
Problem 2. Simulations are not highly-personalized, nor can you train your employees against dangerous social engineering techniques.
The reality is that this does not prepare your employees against the most dangerous type of phishing attacks: spear phishing. Vansec’s spear phishing simulations are multi-message, hyper-personalized, and scenario-based where you can choose from common scenarios or customize your own (p.s. we also provide basic phishing simulation too).
Employees playing training videos in the background/minimized while doing something else. This is what security awareness training looks like today.
Problem 1. Obviously, this does not improve company’s actual security readiness.
Problem 2. It’s a waste of time for the employee.
The optimal outcome here is for the training to be a) effective i.e. employees actually learn and become security-effective and b) time-efficient i.e. minimal disruption to their workflow.
Our opinion is that learning should always be interactive, not passive. We also believe that getting pulled away from actual work to complete training is always going to be annoying for the employee, no matter how you do it. That’s why we designed Vansec’s security awareness training to be interactive & bite-sized (p.s. it’s also super personalized).