Guarantees
Our post

Resources and Insights

The latest cyber security news, interviews, technologies, and resources.
Navigating the New NIST Training Guidelines: What You Need to Know
Cyber News

Navigating the New NIST Training Guidelines: What You Need to Know

Unpacking the NIST Cybersecurity Framework 2.0 Public Draft is like unboxing a new gadget—it’s the same but better. The proposed changes in the training requirements are subtle but pinpointed for clarity, trimming any room for misinterpretation. While most vendors miss the mark on role-based training, the new draft illuminates these gaps. Dive in to understand how these changes might be more significant than you think.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Consent Phishing: The Wolf in Sheep's Clothing
Cyber News

Consent Phishing: The Wolf in Sheep's Clothing

Consent phishing is a sneaky tactic where hackers pretend to be trustworthy apps or services to trick people into giving them permissions. Once they have these permissions, they can get into real cloud services and steal sensitive data. This post will explain what consent phishing is, how it works, and how to protect against it, with a focus on the innovative solutions provided by PhishFirewall.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
New York's Cybersecurity Law: A Deep Dive into Its Strengths and Shortcomings
Cyber News

New York's Cybersecurity Law: A Deep Dive into Its Strengths and Shortcomings

New York's financial sector is now governed by the Second Amendment to 23 NYCRR 500, a set of cybersecurity regulations. While the amendment introduces robust technical and procedural requirements, it notably overlooks the human element of cybersecurity. Behavioral science principles, such as cognitive load theory and spaced learning, emphasize the need for digestible, continuous training. Over 90% of breaches start with human error, yet regulations like this one sideline the human element. For cybersecurity measures to be truly effective, continuous security awareness training must be prioritized, ensuring that every individual is empowered with the knowledge and skills to combat cyber threats.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Okta Breach Reveals: It's Time to Hack the Human Psyche, Not Just Systems
Cyber News

Okta Breach Reveals: It's Time to Hack the Human Psyche, Not Just Systems

The recent Okta breach is a stark reminder that the battleground for cybersecurity is not just in the servers, but in the synapses of every employee's brain. 'You can't patch stupid' is a defeatist adage that our industry clings to, yet this breach shows the fallacy of such thinking. Our latest post delves into why a mindset shift is imperative, from outsmarting hackers to outsmarting our own behavioral pitfalls. We argue that the only real fix to the phishing scourge is a revolutionary change in organizational culture, powered by behavioral science. Join us as we explore how ethical hacking and culture change are the duo that can reclaim cybersecurity's future.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Making Cybersecurity Training Approachable and Effective
Educational

Making Cybersecurity Training Approachable and Effective

🔒 Explore the intersection of behavioral science and cybersecurity training in our latest blog post. We delve into how psychological safety and tailored learning approaches, like those employed by PhishFirewall, can significantly enhance cybersecurity training effectiveness. The article highlights the impact of strategies such as spaced learning theory and cognitive load theory in creating engaging, memorable training experiences, and how these methods lead to measurable improvements in security awareness. A must-read for anyone looking to strengthen their cybersecurity training programs with innovative, human-centered techniques. #CybersecurityAwareness #BehavioralScience #TrainingInnovation
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Cost of a Data Breach
Educational

The Cost of a Data Breach

Data breaches are becoming increasingly common occurrences, but they are also increasingly expensive. According to a recent report by IBM and the Ponemon Institute, the average cost of a data breach was estimated to be $3.86 million in 2020. This includes recovery costs, disruption to business operations, and reputational damage, as well as myriad other financial losses. Companies should strive to protect their data and information assets in order to avoid such a costly event.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 9, 2024
Cyber Insurance Premiums: A Changing Landscape of Risk Assessment
Educational

Cyber Insurance Premiums: A Changing Landscape of Risk Assessment

Defending against cyberattacks appears to be trending in favor of hackers as the growing number of phishing attacks trick employees into downloading malware or clicking on a malicious link. That’s why companies of every size would be well-served to improve their cybersecurity awareness training and secure an affordable cyber insurance policy.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 9, 2024
From Wrong Number to Romantic Nightmare: The Shocking Scam That's Claiming New Victims Every Day
Educational

From Wrong Number to Romantic Nightmare: The Shocking Scam That's Claiming New Victims Every Day

🚨scam alert! 🚨 Wrong number texts are leading to a sinister scheme called pig butchering, where scammers use love as a weapon to manipulate and financially devastate victims. 💔💸 Our latest blog post exposes the shocking truth behind these scams and provides essential tips to protect yourself. 🛡️ #wrongnumbertextscam #pigbutcheringscam #scamawareness
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 9, 2024
Why Your Security Awareness Program is Failing: The Behavioral Science Perspective
Educational

Why Your Security Awareness Program is Failing: The Behavioral Science Perspective

Want to know why your cybersecurity awareness training isn't working? It's time to ditch the boring, check-the-box approach and embrace behavioral science. By leveraging principles like spaced learning, psychological safety, cognitive load, growth mindset, and situated learning, you can create training that actually sticks. And don't forget the power of gamification – it's not just fun and games, it's a serious tool for driving engagement and retention. Ready to take your training to the next level? Check out our latest blog post, "Why Your Security Awareness Program is Failing: The Behavioral Science Perspective," and learn how to build a culture of security, one behavior at a time. 🔒💡 #cybersecurity #behavioralscience #gamification
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 30, 2024
A Positive Security Awareness Training Program Reduces Insider Cyber Threats
Educational

A Positive Security Awareness Training Program Reduces Insider Cyber Threats

The vast majority of employees do their level best to exercise due diligence and protect a company’s digital assets. However, many employees lack the necessary training, and The effectiveness of security awareness training efforts is largely dependent on how employees perceive the program. If staff members view it as another task that reduces their productivity and leads to more stress, they are likely to treat it like an unwelcome chore. That’s why positive employee attitudes are the bedrock of successful cybersecurity programs.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
2022 Election Cyber Security
Educational

2022 Election Cyber Security

The approach of the US election season is a good time to reflect on cyber threats to our political process, particularly from foreign state adversaries due to their vast resources, advanced capabilities, and malign intent. Cyber threats to our election system also come from other sources, such as hacktivists and criminal organizations, but while they too can create problems, they are not on the same scale or level of competence as those posed by autocratic states like China, Russia, and Iran.
GREGORY SIMS
GREGORY SIMS
April 18, 2024
Top 5 Cognitive Biases Used by Social Engineers
Educational

Top 5 Cognitive Biases Used by Social Engineers

Phishing attacks are a common form of cybercrime that rely on psychological manipulation to trick victims into giving away sensitive information or funds. These attacks often use cognitive biases, which are mental shortcuts that people use to make decisions quickly and easily. Here are the top five cognitive biases used in phishing attacks, along with examples of what the phish might look like for each bias.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Punishment to Partnership: Improve Your Phishing Simulations
Educational

Punishment to Partnership: Improve Your Phishing Simulations

One of the most common features of phishing simulations within the enterprise is landing pages that are designed to determine if users will type in their credentials. At first glance, this might seem like a good idea for identifying vulnerable employees. However, it’s actually a form of exploitation that can lead to a punitive culture within the organization.
CRYSTAL FONTAINE
CRYSTAL FONTAINE
April 18, 2024
You better watch out. Holiday Cyber Grinches are about.
Educational

You better watch out. Holiday Cyber Grinches are about.

Cyber crime is on a historic rise this year, and that means you and your employees are also more vulnerable than ever to emerging cyber threats. This Cyber Monday, making sure your workforce, remote and otherwise, understand online shopping safety basics should be a top cybersecurity priority for your organization. According to February 2022 Gallup survey, 42% of US employees have a hybrid work schedule, and 39% work entirely from home, increasing the odds that your employees are doing more online shopping on-the-clock than ever before.
JOE LAHART
JOE LAHART
April 18, 2024
Social Engineering: The Modern Hacker’s Toolset
Educational

Social Engineering: The Modern Hacker’s Toolset

Social engineering refers to any attempt made by one bad actor to influence another person to do something. In the case of cyber security, social engineering is commonly used as a tactic to gain access to systems or credentials that allow the hacker to carry out a malicious cyber attack. If you are a frequent internet user, you must have encountered some intriguing pop-ups on your browser or notifications in your email like “congratulations, you just won an iPhone. Click here to claim,” which tries to lure you into interacting with corrupted links. These are a basic form of social engineering where a hacker is trying to impersonate a trusted source in order to have you give them your information or to have you access their trapped website.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Lucifer Effect: Understanding the Roots of Toxic Cybersecurity Culture
Educational

The Lucifer Effect: Understanding the Roots of Toxic Cybersecurity Culture

Explore the toxic culture within the cybersecurity industry, identify factors fueling this mindset, and discover strategies for promoting positive change, including the adoption of innovative tools!
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Power of Warm Fuzzies: Elevating Your Cybersecurity Culture with Positive Relationships
Educational

The Power of Warm Fuzzies: Elevating Your Cybersecurity Culture with Positive Relationships

Explore the importance of positive relationships in fostering a strong security-conscious culture within the cybersecurity industry and learn how tools like PhishFirewall can empower employees with tailored education and simulations.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Human Side of Insider Threat Management: Why Mental Health Matters
Educational

The Human Side of Insider Threat Management: Why Mental Health Matters

Explore the importance of addressing mental health in insider threat management and learn how PhishFirewall's AI-driven platform creates an empathetic work environment while improving your organization's security posture.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Redefining Cybersecurity Training: Why Fear Tactics Need to Go
Educational

Redefining Cybersecurity Training: Why Fear Tactics Need to Go

Explore the importance of positive reinforcement in cybersecurity training and learn how companies like PhishFirewall cultivate a positive culture, empowering employees to combat cyber threats and thrive in an increasingly challenging digital world.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Power of Ego Bias: How It Can Compromise the C-Suite's Cybersecurity
Educational

The Power of Ego Bias: How It Can Compromise the C-Suite's Cybersecurity

Learn how AI-driven and AI-customized training programs can help organizations mitigate the impact of ego bias in the C-Suite, fostering a proactive security culture and safeguarding cybersecurity.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Understanding Social Engineering: Staying Safe from Human-activated Threats
Educational

Understanding Social Engineering: Staying Safe from Human-activated Threats

Learn about different types of social engineering attacks and practical tips for improving awareness and protection!
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Unleash Your Inner Superheroes: The Power of the Heroic Imagination in Cybersecurity
Educational

Unleash Your Inner Superheroes: The Power of the Heroic Imagination in Cybersecurity

Discover the concept of the heroic imagination and its relevance to cybersecurity, exploring tips for empowering employees as digital superheroes while addressing potential pitfalls and challenges.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
What is a Phishing Simulation and How do I Simulate Phishing Tests?
Educational

What is a Phishing Simulation and How do I Simulate Phishing Tests?

Improve your organization's cybersecurity posture by incorporating PhishFirewall's comprehensive phishing simulation and security awareness training solutions, designed to stop over 99% of phish clicks within six months.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Leveraging AI-Powered Solutions for Smarter Security Awareness Training
Educational

Leveraging AI-Powered Solutions for Smarter Security Awareness Training

Discover how artificial intelligence (AI) can revolutionize security awareness training by making it more adaptive, engaging, and effective in today's evolving cybersecurity landscape.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Building Your Digital Immunity: Why Security Awareness Training is Crucial
Educational

Building Your Digital Immunity: Why Security Awareness Training is Crucial

Learn why security awareness training is crucial for building your digital immunity, protecting against cyber threats, and fostering a culture of security within your organization.
CRYSTAL FONTAINE
CRYSTAL FONTAINE
April 18, 2024
The Sneaky Mind Tricks Behind Social Engineering: Cognitive Biases & How To Prevent Them
Educational

The Sneaky Mind Tricks Behind Social Engineering: Cognitive Biases & How To Prevent Them

A fun deep dive into the top cognitive biases that social engineers love to exploit, complete with examples and tips on how to outsmart them. So buckle up, and let's uncover the secrets of the social engineering world!
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
 The Perils of AI-Driven Phishing: Understanding, Detecting, and Defending
Educational

The Perils of AI-Driven Phishing: Understanding, Detecting, and Defending

Learn about the various types of phishing attacks, the role of AI in enhancing their effectiveness, and valuable tips for detecting and defending against these advanced cyberthreats in our comprehensive guide. Stay informed and protect your sensitive information from AI-driven phishing attacks.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
How Do Phishing Simulations Contribute to Enterprise Security?
Educational

How Do Phishing Simulations Contribute to Enterprise Security?

Learn how phishing simulations serve as an effective training tool to increase employee awareness, reduce human error, and strengthen your organization's overall cybersecurity posture against growing phishing threats.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Top 10 Secrets to Effective Phishing Simulations
Educational

The Top 10 Secrets to Effective Phishing Simulations

Phishing simulations play a crucial role in helping companies defend against cyber attacks by providing a safe environment for employees to learn how to identify and respond to phishing attempts. In this comprehensive guide, we explore the top 10 strategies for effective phishing simulations, including focusing on education, communicating the purpose, customizing simulations, praising non-clickers, monitoring progress, offering immediate feedback, encouraging reporting, conducting frequent simulations, using realistic simulations, and analyzing trends. By implementing these tactics, organizations can significantly improve their cybersecurity posture and better protect themselves from potential attacks. With PhishFirewall's fully autonomous AI-driven platform, companies can take their phishing and security awareness training to the next level, ensuring their employees are well-equipped to handle the ever-evolving landscape of cyber threats.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
How Gamified Security Training Empowers Employees to Outsmart Cybercriminals
Educational

How Gamified Security Training Empowers Employees to Outsmart Cybercriminals

Explore the importance of security awareness training in the digital age and discover how gamified security training, like PhishFirewall, can effectively engage employees, improve knowledge retention, and strengthen an organization's cybersecurity posture.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Why the 'You Can't Patch Stupid' Mindset is a Cybersecurity Hazard
Educational

Why the 'You Can't Patch Stupid' Mindset is a Cybersecurity Hazard

The "you can't patch stupid" mindset in cybersecurity is a dangerous and false belief that human error is unpreventable. This article debunks this myth and highlights the importance of continuous education, awareness, and a positive security culture in mitigating cyber threats.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Unzipping a New Era of Cybersecurity Threats: The '.zip' Domain
Educational

Unzipping a New Era of Cybersecurity Threats: The '.zip' Domain

This comprehensive article explores phishing and deceptive URL use in cybercrime, with a spotlight on Google's newly introduced .zip and .mov domains. It includes analysis of domain registration data, potential misuse of new domains, and offers phishing prevention best practices. The piece is a critical read for anyone seeking to understand the evolving landscape of cybersecurity threats.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Kindness as a Strategy: A New Approach to Security Awareness
Educational

Kindness as a Strategy: A New Approach to Security Awareness

It's time to revolutionize security awareness programs by embracing the Carrot-First approach, which focuses on positive reinforcement, empathy, and respect. This methodology fosters collaboration, shared responsibility, and a culture of security that nurtures learning and behavior change. By ditching punitive methods and prioritizing kindness in cybersecurity training, organizations can create a more effective and resilient security culture.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Revolutionizing Digital Learning: NoLMS AI Driven Methodology Explained
Educational

Revolutionizing Digital Learning: NoLMS AI Driven Methodology Explained

The landscape of education and training is ripe for change, and NoLMS, with its AI-driven, personalized, and engaging approach to learning, is poised to lead this revolution.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Choosing NoLMS over Traditional LMS: A Shift Towards Personalized Training
Cyber News

Choosing NoLMS over Traditional LMS: A Shift Towards Personalized Training

Discover why NoLMS is replacing traditional Learning Management Systems in cybersecurity training. Learn how AI, personalized learning pathways, micro-learning, role-based training, and advanced analytics are reshaping cybersecurity education.
JOSHUA CRUMBAUGH
May 24, 2023
Magnetic Attraction: A Woman's Tale of Machine Learning and New Technologies
Cyber News

Magnetic Attraction: A Woman's Tale of Machine Learning and New Technologies

Explore the fascinating intersection of artificial intelligence and materials science in 2023. Discover how machine learning is revolutionizing magnetic materials research, enhancing device performance, and redefining technological possibilities.
CRYSTAL FONTAINE
May 23, 2023
Don't Be a Cybersecurity Tool: Embrace the AI Revolution
Cyber News

Don't Be a Cybersecurity Tool: Embrace the AI Revolution

Cybersecurity has traditionally leaned on a range of tools to safeguard organizations from threats. However, these traditional approaches often lag behind the ever-evolving cyber threat landscape, with vulnerabilities arising from misconfigurations, improper usage, and reliance on human intervention. AI is set to revolutionize cybersecurity by automating threat detection and responses, allowing for faster and more precise actions. It minimizes human error, accelerates responses, and is able to learn and adapt from past incidents, thus offering a more dynamic and proactive defense system.
JOSHUA CRUMBAUGH
May 19, 2023
Breaking Through the Glass Firewall: A Deeper Dive into the Role of Women in Cybersecurity
Cyber News

Breaking Through the Glass Firewall: A Deeper Dive into the Role of Women in Cybersecurity

Explore the evolving landscape of cybersecurity through the lens of gender diversity. This article delves into the increasing role of women in cybersecurity, their significant contributions, and the importance of an inclusive future. Uncover how diversity strengthens digital defense and learn about the inspirational women leading the charge.
CRYSTAL FONTAINE
May 12, 2023
The Double-Edged Sword of AI in Ransomware: Savior or Saboteur
Cyber News

The Double-Edged Sword of AI in Ransomware: Savior or Saboteur

One of the most pressing questions is whether AI will be able to prevent ransomware attacks, or whether it will be used for ransomware attacks.
CRYSTAL FONTAINE
May 6, 2023
2023 CyberSecurity Predictions: An Escalation of Cyber Warfare
Cyber News

2023 CyberSecurity Predictions: An Escalation of Cyber Warfare

The threat from nation state threat actors will loom much larger in 2023 as the gloves come off between the market-based democracies and authoritarian adversaries like China, Russia, and Iran. Up to now the narrative about cybersecurity has mostly centered on criminal threats. Next year will bring greater attention to state-conducted and state-sponsored cyber espionage efforts and infrastructure attacks.
GREGORY SIMS
February 23, 2023
2023 CyberSecurity Predictions: AI vs AI – The Future of Cybersecurity
Cyber News

2023 CyberSecurity Predictions: AI vs AI – The Future of Cybersecurity

One of the biggest trends in cybersecurity expected in 2023 is the rise of AI-driven phishing attacks. These attacks are particularly dangerous because they use artificial intelligence to create customized, highly targeted messages that are designed to trick individuals into giving away sensitive information or clicking on malicious links.
JOSHUA CRUMBAUGH
February 14, 2023
Photo Representing how secure Huntsville is

Huntsville: A Beacon for Cybersecurity

Huntsville is a hub of technology and innovation, making it a lucrative target for cybersecurity threats. Learn How Phishfirewall Helps!
Read post
Joshua's interview with Business Insight

Cyber Security Executive 2022 | Joshua Crumbaugh, PhishFirewall | Business Insight Group

Phishfirewall's CEO Joshua discusses current phishing trends with the Business Insight Group!
Watch Now
Photo of Phishing Attack

How AI and Machine Learning are Changing the Phishing Game

Joshua discusses how AI and machine learning are redefining how the industry looks at phishing.
Read post

Learn Why World Leading Advisory Firm, Frost & Sullivan, Recommends Phishfirewall!

Strengthen your Security Awareness Training with Frost & Sullivan's white paper! Gain insights on why training is more effective when you employ an AI-powered SAT program to protect your business. Download this essential resource today!
We care about your data, learn more in our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.