In the battle against phishing and social engineering attacks, organizations face a silent and underestimated security threat: the repeat clicker. These individuals, despite years of awareness training and simulated phishing drills, consistently click on suspicious links in emails. Unlike one-time mistakes, repeated clicking indicates ingrained behavioral habits that blanket awareness programs cannot correct. To address this problem, it is necessary to move beyond generic training and adopt individualized, human-focused approaches that transform habits, attitudes, and risk profiles.

Understanding the Repeat Clicker

Repeat clickers are not necessarily negligent or oblivious workers. Although highly confident in detecting phishing, they consistently miss…
Erich Kron
Phishing and social engineering attacks are exploding as threat actors increasingly discover that humans are the most exploitable entry point in organizations. Unfortunately, 70% of organizations still report that their employees lack critical cybersecurity knowledge, even when many have a formal security awareness training (SAT) program in place.

What Are SAT Programs Missing?

The success and effectiveness of security awareness programs hinge on three key cornerstones: content, experience, and relationships. Let’s break them down further:

Content: Content plays a big role in breaking down complex security topics into simple bits of information. Content quality matters a lot: the more personalized, relevant,…
