Credential Harvesting

Security orchestration, automation, and response (SOAR) platforms enable organizations to improve the efficiency of their security operations by collecting alerts from diverse security tools, automating repetitive tasks (like alert enrichment or initial containment actions), and standardizing incident response processes through predefined digital playbooks. This allows security teams to respond faster to threats and manage a higher volume of alerts with greater consistency. User vigilance, cultivated by awareness training and leading to prompt reporting of incidents like phishing, can serve as a critical trigger for automated SOAR workflows.

Tactics, techniques, and procedures (TTPs) outline the specific methods, patterns of behavior, and operational approaches used by cyber adversaries during various stages of an attack, from reconnaissance to achieving their objectives. Understanding attacker TTPs—such as common phishing strategies, social engineering maneuvers, or malware deployment methods—is fundamental for developing effective defensive strategies and incident response plans. Security awareness training directly addresses many TTPs by educating users to recognize and thwart these malicious approaches targeting the human element.

A threat intelligence platform, or TIP, is a system that centralizes the collection, aggregation, correlation, and analysis of threat intelligence data from numerous internal and external sources. It provides security teams with actionable insights into existing and emerging threats, threat actors, their TTPs, and indicators of compromise, enabling more proactive defense and informed decision-making. For companies like Adaptive Security, intelligence from a TIP can be instrumental in developing up-to-date, realistic phishing simulations and training content that reflect the current threat landscape.

Extended detection and response, or XDR for short, is a security approach that unifies threat detection and incident response by collecting and correlating data from multiple security layers—including endpoints, email, networks, cloud workloads, and identity systems. This holistic view aims to improve visibility, accelerate threat detection, and streamline response actions across the entire IT ecosystem, moving beyond siloed security tools. While XDR provides powerful technical detection, security awareness training empowers users to be a crucial first line of defense, often identifying and reporting threats like phishing that become initial inputs for XDR analysis.

User and entity behavior analytics (UEBA) systems employ machine learning and advanced analytics to establish baseline behaviors for users and entities (like servers and applications), then identify anomalous activities that could indicate threats such as insider attacks, compromised accounts, or data exfiltration. By focusing on deviations from the norm, UEBA helps uncover sophisticated threats that traditional rule-based systems might miss. Effective security awareness training complements UEBA by fostering secure user habits, thereby reducing the incidents of risky behavior that could lead to account compromise or trigger alerts.

Adaptive security refers to a cybersecurity framework where an organization's protective measures and policies continuously monitor, learn, and dynamically adjust in response to the evolving threat landscape, real-time intelligence, and observed behaviors, rather than relying solely on static, pre-defined configurations. This proactive model aims to more effectively predict, prevent, detect, and respond to threats by being context-aware and agile. By extending this philosophy to the human element, platforms such as Adaptive Security (the company) apply these principles to security awareness training, personalizing learning experiences and phishing simulations based on individual user risk profiles and performance to build a more resilient workforce.

A watering hole attack is a targeted cyberattack where attackers identify websites frequently visited by a specific group of users or an organization (the 'watering hole') and then infect one or more of these legitimate sites with malware. When users from the target group visit the compromised site, their systems can become infected without any direct phishing lure, exploiting their trust in familiar online destinations. Security awareness must instill caution even with trusted sites and emphasize the importance of updated endpoint protection and recognizing unusual website behavior.

An evil twin attack, sometimes referred to as WiFi phishing, occurs when an attacker sets up a rogue WiFi access point that mimics a legitimate one (like 'Airport_Free_WiFi' or a known coffee shop network) to trick users into connecting. Once connected to this malicious 'evil twin,' the attacker can intercept their internet traffic, steal login credentials, personal data, or inject malware, effectively phishing information over a compromised wireless connection. Security awareness training emphasizes the risks of using unsecured public WiFi and promotes practices like using VPNs and verifying network authenticity.

Pharming is a cyberattack that redirects users attempting to visit a legitimate website to a fraudulent, look-alike site without their conscious action, often by compromising DNS servers (DNS poisoning) or modifying a victim's local hosts file. Unlike phishing which typically relies on a lure to click, pharming can automatically divert traffic, making it particularly deceptive for harvesting credentials even from cautious users. While primarily a technical attack, security awareness can help users recognize subtle signs of a fake website, such as incorrect URLs or missing security indicators, even if they believe they accessed it directly.

Search engine phishing involves attackers creating malicious websites designed to look legitimate and then using search engine optimization (SEO) tactics or paid advertisements to make them appear prominently in search results for specific keywords. Unsuspecting users clicking these links can be led to sites that harvest credentials, distribute malware, or display fraudulent offers, bypassing traditional detection.

Angler phishing occurs when attackers impersonate official customer service accounts of trusted organizations on social media platforms, waiting for users to post complaints or queries, and then 'lure' these users into fake support interactions or private messages. Their goal is to direct users to malicious websites to steal credentials or personal information, exploiting trust in brands with a social media context.

Clone phishing is a sophisticated attack where cybercriminals create a near-identical copy (clone) of a legitimate email previously received by the target, replacing the links or attachments. Because the email appears familiar and from a trusted source, victims are more likely to interact with the harmful content, often bypassing initial skepticism.

Email phishing, the most common form of phishing, is when attackers send fraudulent emails disguised as communications from legitimate organizations or trusted individuals to deceive recipients into revealing sensitive information, clicking malicious links, or downloading malware. These attacks often target login credentials, financial details, or personal data, making it a primary focus for security awareness training.

Deepfakes are highly realistic, AI-generated media — images, videos, or audio recordings — where individuals are convincingly depicted saying or doing things they never actually did, often manipulating facial features or synthesizing voices. As sophisticated fabrications, deepfakes pose a significant and fast-growing threat in social engineering because attackers can leverage them for a variety of phishing attacks by impersonating executives or trusted contacts with unprecedented realism.

Zero Trust is a security model based on the 'never trust, always verify' model. It requires identity verification for every user and device seeking access, whether that user is inside or outside the network perimeter, and enforces least privilege access. Training helps users understand and operate effectively within a Zero Trust environment, particularly regarding authentication.

A zero-day vulnerability is a security flaw unknown to the software vendor or the public, meaning no patch or fix is available yet. A zero-day exploit is the malicious code used to attack this vulnerability. While technical teams handle patching, user awareness is vital because phishing can be used to deliver zero-day exploits before defenses are ready.

A computer worm is a type of malware that can replicate itself and spread independently from system to system across a network, often exploiting vulnerabilities without requiring user interaction after the initial infection. While their spread can be automatic, the initial infection point might still involve a user action, like opening a malicious attachment delivered via phishing.

Whaling is a form of spear phishing specifically targeted at high-profile individuals within an organization, such as senior executives (CEOs, CFOs) or board members. These attacks are often highly customized and aim for significant impact, like large fraudulent wire transfers or theft of strategic information. Targeted training and simulations are crucial for protecting these high-value targets.

A vulnerability assessment is the process of systematically identifying, classifying, and prioritizing vulnerabilities in computer systems, applications, and network infrastructure. While distinct from user training, its findings can highlight areas where user actions might inadvertently trigger exploits, informing relevant training content.

A vulnerability is a weakness or flaw in software, hardware, system configurations, or security procedures that can be exploited by a threat actor to cause harm or gain unauthorized access. While technical vulnerabilities require patches, human vulnerabilities (lack of awareness) require training. Untrained users represent a significant vulnerability exploited by phishing.

Vishing is phishing conducted over the phone or using voice over IP (VoIP) services. Attackers call victims, often impersonating tech support, banks, or government agencies, to trick them into revealing sensitive information or granting remote access. Multi-channel security awareness training addresses vishing alongside email and SMS threats.

A virtual private network, or VPN, creates a secure, encrypted connection (a 'tunnel') over a public network like the internet, protecting data from eavesdropping, especially on untrusted Wi-Fi. While a technical security tool, awareness training might cover the appropriate use of VPNs for remote work to ensure secure connections.

Urgency tactics are common social engineering techniques used in phishing and other scams to pressure victims into acting quickly without thinking critically. Attackers create a false sense of emergency (with phrases like "account suspension" or "immediate payment required") to override caution. Training helps users recognize and resist these manipulative pressure tactics.

URL obfuscation involves techniques used by attackers to hide the true destination address of a hyperlink, making a malicious URL look like a legitimate one. This can involve using URL shorteners, misleading link text, or complex encoding. Training users to hover over links (on desktop) and carefully scrutinize URLs before clicking is a key defense taught in security awareness.

A Trojan horse is a type of malware disguised as legitimate software or files. Users are tricked into downloading and executing it, which then allows the malware to perform its hidden malicious function, such as installing spyware or creating a backdoor. Phishing emails often deliver Trojans as attachments or downloads.

Training modules are distinct, self-contained units of learning content within a larger security awareness program, each typically focused on a specific topic (e.g., password security, identifying phishing, safe Browse). Platforms like Adaptive Security often use modules, including microlearning formats, as building blocks for personalized learning paths.

The threat landscape refers to the diverse range of cybersecurity threats, vulnerabilities, threat actors, and attack trends relevant to a particular organization, industry, or region at a given time. It is constantly evolving, requiring continuous adaptation in security defenses and awareness training content, a strength of AI-driven platforms.

A threat vector is the specific path or method a threat actor uses to gain unauthorized access to a system or network to deliver a payload or extract data. Common vectors include email (phishing), SMS (smishing), malicious websites, infected USB drives, and exploited vulnerabilities. Multi-channel training addresses multiple threat vectors.

Threat intelligence is knowledge or evidence of existing or emerging cybersecurity threats. This intelligence informs security decisions and can be used by platforms like Adaptive Security to create more relevant and timely phishing simulations and training content based on real-world attack trends.

A threat actor is any individual, group, or organization that intentionally poses a cybersecurity threat. Threat actors range from lone hackers and cybercriminals motivated by profit to organized crime groups, hacktivists with political agendas, and state-sponsored groups seeking intelligence or disruption. Understanding different actors helps contextualize the threats training addresses.

A teachable moment in security awareness is the critical opportunity for learning that occurs immediately after a user interacts with a simulated threat, such as clicking a phishing link or failing a knowledge quiz. Platforms like Adaptive Security capitalize on these moments by providing instant, targeted feedback and micro-training reinforcement when the user is most receptive.

Tailgating (or piggybacking) is a physical security breach where an unauthorized person follows an authorized individual through a secured door or checkpoint. While physical, it's often covered in comprehensive security awareness training as it relies on exploiting human politeness or inattention, similar to digital social engineering.

Spyware is a type of malware that secretly installs itself on a device to monitor user activity, collect keystrokes, steal sensitive information (like credentials or financial data), and report it back to the attacker. It can be delivered via phishing emails or malicious downloads. Training helps users avoid the actions that lead to spyware infections.

Spear phishing is a highly targeted phishing attack aimed at a specific individual or small group within an organization. Attackers often use personal information (gathered via OSINT) to make the email appear extremely credible and relevant to the recipient. These sophisticated attacks require heightened user vigilance, fostered by advanced training and simulations.

Social engineering is the art of manipulating people psychologically to bypass security measures and trick them into divulging confidential information or performing actions they shouldn't. Phishing, pretexting, baiting, and tailgating are all forms of social engineering. Security awareness training is the primary defense against these human-focused attacks.

Smishing is phishing conducted via SMS text messages. Attackers send messages containing malicious links or requests for sensitive information, often leveraging urgency or familiarity. As mobile use increases, multi-channel security awareness training must educate users on identifying and reporting smishing attacks.

Single sign-on, or SSO, allows users to log in once with a single set of credentials to access multiple different applications and services. While convenient, compromised SSO credentials grant attackers broad access, making them high-value targets for phishing. Training must emphasize the critical importance of protecting SSO passwords and responding to multi-factor authentication (MFA) prompts securely.

Sentiment analysis uses AI techniques, particularly NLP, to identify and interpret the emotional tone (positive, negative, neutral) expressed in text data. In a security context, this could potentially be used to analyze user feedback on training, gauge reactions to simulations, or even assess the emotional triggers used in suspected phishing emails.

An organization's security posture represents its overall cybersecurity strength and readiness to defend against threats. It's determined by its policies, technologies, incident response capabilities, and significantly, the awareness and preparedness of its employees. Effective security awareness training directly improves the human element of the security posture.

Security information and event management, or SIEM, systems collect and aggregate log data from various sources across an organization's IT infrastructure, analyze it for signs of threats or anomalies, and generate alerts. User reports of phishing attempts, facilitated by training and reporting tools, can provide valuable, context-rich input for SIEM systems, improving overall threat detection.

Security culture refers to the shared values, beliefs, attitudes, and behaviors regarding cybersecurity that exist within an organization. A strong security culture means security is prioritized and practiced by everyone, becoming part of the organizational DNA. Adaptive Security's goal is to cultivate a positive and resilient security culture through continuous training and engagement.

A security champion is an employee, often not in a formal security role, who acts as an advocate and resource for security best practices within their own team or department. They help promote security awareness initiatives, answer basic questions, and foster a stronger security culture locally. Effective training programs can help identify and empower potential security champions.

Security awareness training is an educational process designed to equip employees with the knowledge and skills needed to recognize cybersecurity threats (like phishing, malware, social engineering) and follow secure practices to protect themselves and the organization's assets. Next-generation platforms like Adaptive Security make this training continuous, adaptive, and engaging through simulations and personalized content.

Role-based training customizes security awareness content based on an employee's specific job function and the unique threats they are likely to encounter. For instance, finance personnel receive focused training on payment fraud, while developers learn about secure coding. This targeted approach increases relevance and is often a component within broader adaptive training strategies.

Risk scoring involves assigning a numerical or categorical score to users, assets, or behaviors based on various factors (such as role, access level, simulation performance, or training history) to quantify their associated security risk. Adaptive Security platforms often use AI-driven risk scoring to prioritize training interventions and dynamically adjust learning paths for high-risk individuals.

Risk management is the comprehensive, ongoing process of identifying, assessing, treating, and monitoring security risks to minimize their potential impact on the organization. Security awareness training and phishing simulations provided by platforms like Adaptive Security are crucial components of the 'treatment' phase, specifically mitigating human-based risks.

A risk assessment is the process of identifying potential security threats and vulnerabilities, analyzing the likelihood and potential impact of those threats materializing, and evaluating the overall risk level. The results inform security strategies, including identifying priority areas for security awareness training and simulation campaigns.

The report rate in phishing simulations is the percentage of users who correctly identified a simulated phishing attempt as suspicious or reported it using the organization's designated method. A high report rate is a key indicator of a successful security awareness program and a strong human firewall.

In the context of security awareness training, remediation refers to the follow-up actions taken when a user fails a phishing simulation or knowledge assessment. This often involves assigning targeted microlearning modules or additional training focused on the specific area of weakness, facilitated by platforms like Adaptive Security to correct risky behaviors.

Ransomware is a type of malware that encrypts a victim's files or locks their entire system, making them inaccessible until a ransom is paid, usually in cryptocurrency. Phishing emails containing malicious links or attachments are one of the most common ways ransomware infects systems, making user vigilance a critical preventative measure.

Quishing is a form of phishing that uses malicious QR (quick response) codes. Attackers trick users into scanning these codes, which then lead to fake websites, malware downloads, or initiate fraudulent payments. As QR codes proliferate, awareness training must address the risks associated with scanning untrusted codes, especially in multi-channel threat environments.

Privacy, in the context of data, refers to the protection of personal information from unauthorized collection, use, access, or disclosure. Security awareness training plays a role by educating employees on their responsibilities for handling personal data (of customers or colleagues) securely and recognizing threats like phishing that aim to steal such data.

Pretexting is a social engineering technique where an attacker invents a fabricated scenario (the pretext) to gain the victim's trust and persuade them to divulge information or perform an action they wouldn't normally do. This often forms the narrative backbone of phishing, vishing, and business email compromise attacks, highlighting the need for critical thinking and verification.

Predictive analysis uses algorithms and machine learning to analyze data to make predictions about future outcomes. In security awareness training, this can involve predicting which users are most likely to fall victim to phishing based on behavioral patterns or anticipating emerging phishing campaign trends, allowing for proactive training adjustments.

Policy awareness refers to ensuring that employees are aware of, understand, and adhere to the organization's documented security policies and procedures. Security awareness training programs typically incorporate modules specifically designed to educate users on relevant policies governing acceptable use, data handling, incident reporting, and more.

Phishing simulations are controlled, harmless mock phishing attacks sent to employees to assess their susceptibility, provide immediate learning opportunities (teachable moments), and measure the effectiveness of security awareness training. Platforms like Adaptive Security use sophisticated simulations, often AI-enhanced and multi-channel, as a core part of their training methodology to build resilience.

Phishing is a type of social engineering attack where a threat actor tries to deceive an individual into completing an action or revealing sensitive information, typically by sending fraudulent emails, messages, or calls disguised as communications from legitimate sources. It relies heavily on deception and manipulating trust, making awareness the primary defense.

A personalized learning path is a training curriculum specifically tailored to an individual user's needs, based on factors like their role, existing knowledge, simulation performance, risk score, and learning preferences. AI-driven platforms like Adaptive Security excel at creating these paths dynamically, making training more relevant and efficient than generic programs.

Penetration testing, or pen testing, involves authorized, simulated cyberattacks against a computer system or network to evaluate its security and identify vulnerabilities. Phishing simulations through platforms like Adaptive Security are essentially a form of social engineering penetration testing focused on the human element.

Patch management is the process of identifying, testing, and applying software updates, known as patches, to fix security vulnerabilities and bugs in operating systems and applications. While an IT function, awareness training can emphasize the importance of allowing timely updates on user devices, as unpatched systems are prime targets for exploits often delivered via phishing.

Open-source intelligence, or OSINT, is intelligence gathered from publicly available sources, such as social media, news articles, public records, and websites. Attackers use OSINT to research targets and craft highly convincing spear phishing attacks by incorporating personal details. Security awareness training encourages users to be cautious about the information they share publicly.

Network security refers to the policies and practices for monitoring a computer network and its resources. While focused on infrastructure, network security relies on users following secure practices, as compromised credentials obtained via phishing can bypass several network defenses.

Multi-factor authentication, or MFA, is a security measure requiring users to provide two or more different verification factors (such as a password and code from an app) to gain access. While a strong technical control, phishing attacks increasingly try to intercept MFA codes or trick users into approving fraudulent login attempts. Security awareness training reinforces the importance of MFA and how to use it securely.

Microlearning breaks down security awareness training content into small, focused, easily digestible modules or activities, typically designed to be completed in just a few minutes. This approach respects user time, improves knowledge retention, and allows for flexible learning schedules.

In a man-in-the-middle, or MitM, attack, an attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly. This can be used to eavesdrop or steal credentials entered on seemingly legitimate websites. While often technical, awareness about secure connections (HTTPS) and verifying website identity helps mitigate risks.

Malware is malicious software designed to damage a computer, server, or network. Phishing is one of the most common methods used by attackers to trick users into downloading and installing malware. Security awareness training is critical for preventing malware infections originating from user actions.

The payload is the part of malware that performs the intended harmful action, such as encrypting files (ransomware), stealing data (spyware), or creating a backdoor for future access. Phishing emails are a primary delivery mechanism for these payloads, initiated when a user clicks a link or opens an attachment. Understanding payloads highlights the potential consequences of clicking.

Machine learning, or ML, is a subset of artificial intelligence (AI) where systems learn from data to improve their performance on a specific task without being explicitly programmed. In platforms like Adaptive Security, ML powers adaptive training paths, personalizes phishing simulations based on user susceptibility, identifies emerging threats, and helps score risk by analyzing vast datasets of user behavior and threat indicators.

A learning management system, or LMS, s a software application used to administer, document, track, report on, and deliver training programs and educational courses. Security awareness training platforms like Adaptive Security may function as a specialized LMS or integrate with existing corporate LMS systems to deliver and manage security education.

The principle of least privilege dictates that users and systems should only be granted the minimum levels of access (privileges) necessary to perform their required functions. This limits the potential damage if an account is compromised via phishing or other means. Training can help users understand why they have certain access levels and the importance of not seeking unnecessary privileges.

A large language model, or LLM, is a type of artificial intelligence (AI) algorithm trained on vast amounts of text data, capable of understanding and generating human-like content for tasks like translation, summarization, and question answering (such as OpenAI's ChatGPT and Google's Gemini). LLMs can be used by attackers to craft highly convincing phishing emails or by defenders to analyze threats and potentially generate training content. Security awareness training must adapt to LLM-generated social engineering.

Knowledge assessments, such as quizzes or tests integrated into training platforms, measure an individual's understanding of specific security concepts or policies. They help gauge the effectiveness of training modules and identify areas where individuals or the organization require further education. Adaptive training systems use assessment results to tailor future learning.

Justin-in-time training is an approach delivering short, highly relevant training content to users immediately after they make a mistake, such as clicking on a simulated phishing link or visiting a blocked website.

An intrusion detection system, or IDS, monitors network or system activities for malicious patterns and produces alerts.

An incident response plan, or IRP, is a documented set of procedures and guidelines an organization follows when responding to a security breach. It outlines roles, responsibilities, communication channels, and steps to minimize damage and restore operations. Security awareness training often includes instructions on their role within the IRP, particularly regarding reporting.

Incident response refers to the organized approach an organization takes to prepare for, detect, contain, eradicate, and recover from a cybersecurity incident or data breach. Trained employees play a vital role in IR by quickly and accurately reporting potential incidents like phishing attempts, enabling a faster response.

Impersonation is a social engineering tactic where an attacker pretends to be someone else — a colleague, a boss, IT support, a known brand — to gain trust and manipulate the victim into revealing information or performing an action. This is a key element in phishing, vishing, and business email compromise (BEC) attacks, making skepticism and verification crucial skills taught in training.

The human firewall is a concept that employees, when properly trained and aware, act as a critical line of defense against cyber threats, particularly social engineering and phishing attacks that target human psychology rather than technical flaws. Building this human firewall is the core objective of security awareness training programs like those offered by Adaptive Security.

A homograph attack uses characters from different scripts (such as Cyrillic or Greek) that look identical or very similar to standard Latin characters within domain names or URLs to trick users. For instance, using a Cyrillic 'а' instead of a Latin 'a' can create a visually deceptive link.

Generative AI, or GenAI, refers to artificial intelligence models capable of creating novel content, including text, images, code, or synthetic data, often based on patterns learned from existing data. In cybersecurity, it can be used by attackers to craft personalized phishing emails at scale or by defenders (like Adaptive Security) to create diverse and realistic simulation scenarios. User training must evolve to recognize potentially AI-generated threats.

A generative adversarial network, or GAN, is a type of AI where two neural networks (a generator and a discriminator) compete, enabling the generator to create highly realistic synthetic data, such as images or text. While having legitimate uses, GANs could potentially be used by attackers to create sophisticated deepfakes or convincing phishing content, underscoring the need for advanced user awareness.

A firewall is a system that monitors network traffic to act as a barrier between the trusted internal network and any untrusted external networks. While essential, firewalls cannot stop threats that users themselves invite in, such as those initiated via phishing. User awareness forms the ‘human firewall’ complementing technical defenses.

An exploit is a piece of software, data, or sequence of commands that takes advantage of a bug or vulnerability in a computer system or software to cause unintended behavior. Exploits are often delivered via phishing attachments or links leading to compromised websites. Training helps users avoid the actions that allow exploits to run.

Endpoint security focuses on securing end-user devices like laptops, desktops, and smartphones, which serve as entry points (endpoints) to the corporate network. Since users interact directly with endpoints, their actions heavily influence endpoint security. Security awareness training is crucial for preventing malware infections and credential compromise on these devices.

Encryption is the process of converting data into a coded format (ciphertext) that can only be deciphered with a specific key, protecting it from unauthorized access. While a technical control, understanding the importance of encryption (such as for data at rest and in transit) can be part of broader security awareness. Phishing attacks often aim to steal keys or credentials protecting encrypted data.

Domain spoofing is a technique where attackers use a fake website domain name or email address that closely resembles a legitimate one to deceive users. This is a common tactic in phishing emails to make malicious links or sender addresses appear trustworthy. Training focuses on teaching users how to carefully inspect domain names and URLs.

Denial-of-service, DoS, and distributed-denial-of-service, DDoS, attacks aim to make a website, service, or network resource unavailable to legitimate users by overwhelming it with traffic or requests, often using compromised systems (botnets). While not directly prevented by user awareness, understanding such threats contributes to a broader security culture.

Data loss prevention, or DLP for short, encompasses strategies, processes, and tools designed to prevent sensitive information from leaving an organization's control, whether accidentally or maliciously. While DLP tools provide technical safeguards, security awareness training educates employees on proper data handling procedures and the risks of sharing sensitive information inappropriately, complementing the technology.

A data breach is a security incident in which protected information, whether sensitive or confidential, is access or disclosed by individuals or groups unauthorized to do so. Phishing attacks are a leading cause of data breaches, often starting with compromised employee credentials. Preventing breaches is a primary goal of robust security awareness programs.

Cybersecurity is the broad practice of protecting internet-connected systems, including hardware, software, and data, from theft, damage, or unauthorized access. It involves a combination of technology, processes, and user awareness. Security awareness training addresses the critical human element within the overall cybersecurity strategy.

Cyber hygiene refers to a set of basic practices individuals and organizations should routinely perform to maintain the health and security of their systems and data. This includes using strong passwords, enabling multi-factor authentication (MFA), updating software promptly, being cautious of links and attachments, and reporting suspicious activity — all key topics reinforced through security awareness training. Good cyber hygiene significantly reduces vulnerability to common attacks.

A cybercriminal is an individual or group who uses computers, networks, and the internet to commit crimes, such as identity theft, fraud, intellectual property theft, or deploying malware like ransomware. Their motivations are typically financial gain. Security awareness training helps protect organizations and individuals from becoming victims of cybercriminal activities like phishing.

Compliance involves adhering to specific laws, regulations, industry standards, and internal policies related to data security and privacy (such as GDPR, HIPAA, and PCI DSS). Many regulations mandate security awareness training as a requirement for compliance, and effective training programs help organizations meet these obligations by ensuring employees understand their responsibilities.

A command-and-control server is a computer controlled by an attacker or cybercriminal used to send commands to systems compromised by malware and receive stolen data. Malware delivered via phishing often establishes a connection back to a C&C server. Understanding this helps illustrate the consequences of a successful phishing attack beyond the initial click.

Cloud security encompasses the policies, technologies, and controls used to protect data, applications, and infrastructure hosted in cloud environments (like AWS, Azure, and Google Cloud). As organizations increasingly rely on the cloud, attackers target cloud credentials via phishing, making user awareness about cloud-specific threats and secure practices vital.

In phishing simulations, the click rate is the percentage of users who clicked on a simulated malicious link or opened a potentially harmful attachment. While a lower click rate is desirable, it serves as a key metric for measuring user susceptibility and identifying areas needing more focused training. Platforms like Adaptive Security use this data to tailor follow-up remediation.

Business email compromise, or BEC for short, is a sophisticated scam targeting organizations through email, where attackers impersonate executives or trusted vendors to trick employees into making fraudulent wire transfers or revealing sensitive information. These attacks often bypass technical filters due to their lack of typical malware, making employee awareness and verification procedures critical defenses.

Baiting is a social engineering tactic where attackers lure victims into compromising security using enticing offers, like free software downloads or malware-infected USB drives left in public areas. It relies on curiosity or greed to trick users into installing malware or divulging information. Security awareness training helps users recognize and avoid such traps.

Authentication is the process of verifying a user's identity before granting access to systems or data, often involving passwords, tokens, or biometrics. While technical authentication methods are critical, attackers constantly try to steal credentials via phishing, making user education on recognizing fake login pages essential. Training reinforces the importance of protecting authentication factors.