Guarantees
X

PhishFirewall Gurantees!

PhishFirewall offers two Guarantees:

Sub-1% Phish Click Rate Guaranteed in first 6 Months

120 day Satisfaction Guaranteed!

Schedule A Demo Now!
Learn More!
Our post

Resources and Insights

The latest cyber security news, interviews, technologies, and resources.
JOSHUA CRUMBAUGH
Cyber News

The Shocking Truth About Phishing: Why Good Employees Keep Falling for Scams

This blog post explores the concept of learned helplessness in phishing susceptibility, using the story of Mike, a diligent accountant, to illustrate how repetitive, unfair phishing training without feedback can lead even cautious employees to feel powerless and give up. The post argues that “gotcha” phishing simulations set employees up to fail, fostering disengagement rather than improving security awareness. The solution? Just-in-time training and gamification, which provide real-time, constructive feedback and make training both fair and engaging. This shift from punitive tactics to educational, empowering methods breaks the cycle of learned helplessness and strengthens employees’ phishing defenses. The post concludes with a call to action to adopt PhishFirewall’s innovative, automated approach to phishing training.
JOSHUA CRUMBAUGH
August 20, 2024
View All
Educational
Cyber News
Company Mentions
The Cost of a Data Breach
Educational

The Cost of a Data Breach

Data breaches are becoming increasingly common occurrences, but they are also increasingly expensive. According to a recent report by IBM and the Ponemon Institute, the average cost of a data breach was estimated to be $3.86 million in 2020. This includes recovery costs, disruption to business operations, and reputational damage, as well as myriad other financial losses. Companies should strive to protect their data and information assets in order to avoid such a costly event.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 9, 2024
Cyber Insurance Premiums: A Changing Landscape of Risk Assessment
Educational

Cyber Insurance Premiums: A Changing Landscape of Risk Assessment

Defending against cyberattacks appears to be trending in favor of hackers as the growing number of phishing attacks trick employees into downloading malware or clicking on a malicious link. That’s why companies of every size would be well-served to improve their cybersecurity awareness training and secure an affordable cyber insurance policy.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 9, 2024
From Wrong Number to Romantic Nightmare: The Shocking Scam That's Claiming New Victims Every Day
Educational

From Wrong Number to Romantic Nightmare: The Shocking Scam That's Claiming New Victims Every Day

🚨scam alert! 🚨 Wrong number texts are leading to a sinister scheme called pig butchering, where scammers use love as a weapon to manipulate and financially devastate victims. 💔💸 Our latest blog post exposes the shocking truth behind these scams and provides essential tips to protect yourself. 🛡️ #wrongnumbertextscam #pigbutcheringscam #scamawareness
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 9, 2024
The Phishing Scam That's Costing Companies Millions: Is Your Business Next?
Cyber News

The Phishing Scam That's Costing Companies Millions: Is Your Business Next?

🚨 New phishing threat alert! 🚨 Fake email chain attacks are costing companies millions, using perfectly spoofed emails that look like real conversations between executives and trusted partners. 😨 These attacks often rely on successful BEC attacks to lend credibility to their schemes, putting your organization at risk. 🕵️‍♂️ Learn more about this evolving threat and how to protect your business in our latest blog post, "The Dangerous Evolution of Phishing: How Fake Email Chains Are Tricking Employees and Stealing Millions." 📚 Don't wait until it's too late – read now and stay informed! 💡 #phishing #cybersecurity #securityawareness
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 7, 2024
The Surprising Connection Between Consent Phishing and Corporate Deep Fake Scams
Cyber News

The Surprising Connection Between Consent Phishing and Corporate Deep Fake Scams

🚨 Deep fakes are the new frontier of cybercrime, and your business could be next. 🚨 In our latest blog post, we reveal the shocking tactics scammers are using to impersonate CEOs and steal millions. 💰 Plus, we share expert strategies for spotting these sophisticated scams before they strike. 🕵️‍♂️ Don't wait – read "Deep Fakes: The New Frontier of Cybercrime and How to Spot Them" now and arm your employees with the knowledge they need to protect your organization. 🛡️ #deepfakes #cybersecurity #cybercrime
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
May 2, 2024
Why Your Security Awareness Program is Failing: The Behavioral Science Perspective
Educational

Why Your Security Awareness Program is Failing: The Behavioral Science Perspective

Want to know why your cybersecurity awareness training isn't working? It's time to ditch the boring, check-the-box approach and embrace behavioral science. By leveraging principles like spaced learning, psychological safety, cognitive load, growth mindset, and situated learning, you can create training that actually sticks. And don't forget the power of gamification – it's not just fun and games, it's a serious tool for driving engagement and retention. Ready to take your training to the next level? Check out our latest blog post, "Why Your Security Awareness Program is Failing: The Behavioral Science Perspective," and learn how to build a culture of security, one behavior at a time. 🔒💡 #cybersecurity #behavioralscience #gamification
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 30, 2024
A Positive Security Awareness Training Program Reduces Insider Cyber Threats
Educational

A Positive Security Awareness Training Program Reduces Insider Cyber Threats

The vast majority of employees do their level best to exercise due diligence and protect a company’s digital assets. However, many employees lack the necessary training, and The effectiveness of security awareness training efforts is largely dependent on how employees perceive the program. If staff members view it as another task that reduces their productivity and leads to more stress, they are likely to treat it like an unwelcome chore. That’s why positive employee attitudes are the bedrock of successful cybersecurity programs.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
2022 Election Cyber Security
Educational

2022 Election Cyber Security

The approach of the US election season is a good time to reflect on cyber threats to our political process, particularly from foreign state adversaries due to their vast resources, advanced capabilities, and malign intent. Cyber threats to our election system also come from other sources, such as hacktivists and criminal organizations, but while they too can create problems, they are not on the same scale or level of competence as those posed by autocratic states like China, Russia, and Iran.
GREGORY SIMS
GREGORY SIMS
April 18, 2024
Top 5 Cognitive Biases Used by Social Engineers
Educational

Top 5 Cognitive Biases Used by Social Engineers

Phishing attacks are a common form of cybercrime that rely on psychological manipulation to trick victims into giving away sensitive information or funds. These attacks often use cognitive biases, which are mental shortcuts that people use to make decisions quickly and easily. Here are the top five cognitive biases used in phishing attacks, along with examples of what the phish might look like for each bias.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Don't Let Third-Party Cloud Threats Steal Your Sunshine
Educational

Don't Let Third-Party Cloud Threats Steal Your Sunshine

Learn how to protect your business from potential security risks posed by third-party cloud services. Our comprehensive guide provides insights into identifying these threats and implementing robust security measures to safely leverage the benefits of cloud computing. Stay alert, be prepared, and keep your business secure in the digital skies.
CRYSTAL FONTAINE
CRYSTAL FONTAINE
April 18, 2024
Overcoming Phishing: 5 Mistakes to Avoid in Your Security Awareness Training
Educational

Overcoming Phishing: 5 Mistakes to Avoid in Your Security Awareness Training

Overcoming phishing threats requires a shift in mindset and approach to security awareness training. By avoiding common mistakes, such as victim blaming, focusing on timely training, providing constructive feedback, prioritizing education over punishment, and utilizing micro-content, organizations can create a resilient cyber culture. Embracing PhishFirewall's pioneering solutions, like their innovative noLMS approach, gamified training, and AI cyber coaching, will revolutionize security training and build a stronger, more secure future for organizations.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Unmasking Cybercriminals: The Psychology Behind Phishing Tactics and Online Safety
Educational

Unmasking Cybercriminals: The Psychology Behind Phishing Tactics and Online Safety

Explore the deep psychology behind phishing scams and how cybercriminals exploit human vulnerabilities. Understand their manipulation tactics and learn crucial defense strategies. Equip yourself with the knowledge to stay safe in the digital landscape.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Security Awareness Training & Phishing Simulations: A Must for HIPAA-Compliant Healthcare
Educational

Security Awareness Training & Phishing Simulations: A Must for HIPAA-Compliant Healthcare

Explore the crucial role of security awareness training and phishing simulations in HIPAA-compliant healthcare data management. Understand why these practices are essential in protecting sensitive patient data and maintaining trust in today's rapidly evolving cybersecurity landscape.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Channeling Your Inner Jedi: The Star Wars Guide to Blocking Mobile Attacks
Educational

Channeling Your Inner Jedi: The Star Wars Guide to Blocking Mobile Attacks

CRYSTAL FONTAINE
CRYSTAL FONTAINE
April 18, 2024
PhishFirewall's Effective Security Awareness Training for a Cyber-Resilient Workforce
Educational

PhishFirewall's Effective Security Awareness Training for a Cyber-Resilient Workforce

Discover how PhishFirewall's innovative approach to cybersecurity training, combining microlearning, cognitive psychology, and AI technology, transforms employees into a resilient, first line of defense against evolving cyber threats. Schedule a demo today and embrace the future of cybersecurity.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Conquering the Digital Frontier: Mastering Cybersecurity in the Remote Work Era
Educational

Conquering the Digital Frontier: Mastering Cybersecurity in the Remote Work Era

Embrace the new era of remote work safely and securely with our comprehensive guide. Understand the common cyber threats - phishing, ransomware, MitM, and brute force attacks - and learn effective measures like advanced security suites, secured Wi-Fi, MFA, VPN, regular updates, and cybersecurity training to safeguard your digital workspace.
CRYSTAL FONTAINE
CRYSTAL FONTAINE
April 18, 2024
The Psychology of Phishing Defenses: A No-Bull Look at Three CISOs
Educational

The Psychology of Phishing Defenses: A No-Bull Look at Three CISOs

Think all CISOs are created equal? Think again. Last week, I got up close and personal with three Fortune 500 CISOs, and what I found was a cybersecurity circus. From punitive drill sergeants to overconfident gamblers, the range was staggering. But there was one Visionary who stood out. Dive into this no-holds-barred account that exposes the glaring gaps in cybersecurity thinking and why psychology can't be ignored!
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Imperative of Collective Cybersecurity in a Digital Age
Educational

The Imperative of Collective Cybersecurity in a Digital Age

Explore the evolving challenges of cybersecurity in the digital age, from rising threats to the crucial role of collective action. Dive into the innovative solutions like PhishFirewall that offer a unified defense against cyber threats, emphasizing the importance of collaboration, education, and technology in safeguarding our digital future.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Psychology of the Click: Why Phishing Won’t Stop Until We Change
Educational

The Psychology of the Click: Why Phishing Won’t Stop Until We Change

In the ever-evolving landscape of cybersecurity, phishing remains a stubbornly persistent threat. This post dives deep into the psychological underpinnings that make phishing so effective, revealing that it's not just a technology issue, but a human one. Drawing from cognitive psychology, the article discusses how cognitive biases and learned helplessness contribute to the problem. It critically examines why most existing training methods are woefully ineffective, highlighting their one-size-fits-all approach and low retention rates. The article concludes with a look into the future, where advanced AI could further empower individuals to become the ultimate human firewall against phishing attacks.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
The Human Element: Your Most Undervalued Cybersecurity Asset
Educational

The Human Element: Your Most Undervalued Cybersecurity Asset

In the realm of cybersecurity, the spotlight often falls on technology—firewalls, AI-driven threat detection, and other advanced solutions. But what if the key to robust cybersecurity lies not just in your tech stack but in the people operating behind it? In this talk, we shift the focus from viewing humans as the weakest link to recognizing them as invaluable assets in your cybersecurity strategy. We'll discuss why every avoided phishing attack is a victory for the "human firewall," and why investing in your people could prevent over 90% of potential breaches. You'll learn about the only three metrics that matter in cybersecurity and how a human-centric approach can offer a substantial return on investment. Overcoming the common objections to a human-centric strategy, this talk will arm you with the insights to rethink your cybersecurity strategy. By the end, you'll be convinced that the human element is not just a part of the solution—it is the solution. Embark on your journey to strengthen your human firewall and transform your organization's cybersecurity posture.
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Building the Human Firewall: A Comprehensive Guide to Fortifying Your BEST Line of Defense
Educational

Building the Human Firewall: A Comprehensive Guide to Fortifying Your BEST Line of Defense

JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
Making Cybersecurity Training Approachable and Effective
Educational

Making Cybersecurity Training Approachable and Effective

🔒 Explore the intersection of behavioral science and cybersecurity training in our latest blog post. We delve into how psychological safety and tailored learning approaches, like those employed by PhishFirewall, can significantly enhance cybersecurity training effectiveness. The article highlights the impact of strategies such as spaced learning theory and cognitive load theory in creating engaging, memorable training experiences, and how these methods lead to measurable improvements in security awareness. A must-read for anyone looking to strengthen their cybersecurity training programs with innovative, human-centered techniques. #CybersecurityAwareness #BehavioralScience #TrainingInnovation
JOSHUA CRUMBAUGH
JOSHUA CRUMBAUGH
April 18, 2024
AI Phishing Attacks Exposed—Protect Your Team Today!
Cyber News

AI Phishing Attacks Exposed—Protect Your Team Today!

In our latest blog post, we explore how different departments within an organization face unique cybersecurity threats, each requiring a tailored defense strategy. From sales teams dealing with phishing emails disguised as client communications to developers targeted with malicious code embedded in code repositories, recognizing these distinct attack profiles is crucial. By implementing role-based training and microlearning, organizations can empower every employee to become a vigilant defender against threats specific to their roles. Discover how PhishFirewall's customized approach transforms departmental vulnerabilities into collective strengths, fostering a security-aware culture across the entire organization.
JOSHUA CRUMBAUGH
November 21, 2024
Elevating Experts Reveal the #1 Mistake Companies Make in Cybersecurity!
Cyber News

Elevating Experts Reveal the #1 Mistake Companies Make in Cybersecurity!

In our latest blog post, we reveal how even top cybersecurity executives aren't immune to sophisticated cyber attacks! 😱 **Chris Nicolaou, the Chief Information Security Officer (CISO) of CloudSpace**, shared his shocking experience of nearly falling victim to a cunning phishing attempt. This eye-opening incident highlights the hidden dangers lurking within organizations and how hackers exploit human vulnerability—even among the experts. But there's good news! You can transform your biggest vulnerability—your employees—into your greatest strength. Discover how microtraining, role-based education, and positive reinforcement can empower your team to outsmart cybercriminals at every turn. Learn about the game-changing strategies and tools (like PhishFirewall's AI Cyber Coach) that can keep your business one step ahead of evolving threats. 🚀 Don't miss out on these insider insights that could save your company from disaster! Read the full story now and take the first step toward fortifying your organization's cybersecurity posture.
JOSHUA CRUMBAUGH
November 19, 2024
Stop Cyber Threats at Their Source: The Power of Human-Centric Training
Cyber News

Stop Cyber Threats at Their Source: The Power of Human-Centric Training

In a recent episode of the "Phishing for Answers" podcast, PhishFirewall's CEO, Joshua Crumbaugh, had a conversation with cybersecurity expert Ray Espinoza about the crucial role of human behavior in cybersecurity. They discussed how understanding and leveraging behavioral science can transform employees from potential risks into valuable assets in the fight against cyber threats. By focusing on relationship-building, role-based training, gamification, and continuous microtraining, organizations can reduce human error and build a positive security culture. PhishFirewall's innovative approach aligns perfectly with these strategies, offering AI-driven, gamified training solutions that make security awareness engaging and effective.
JOSHUA CRUMBAUGH
November 14, 2024
Eliminating Human Error: How Behavioral Science Transforms Cybersecurity
Cyber News

Eliminating Human Error: How Behavioral Science Transforms Cybersecurity

In a recent episode of the "Phishing for Answers" podcast, PhishFirewall's CEO, Joshua Crumbaugh, sat down with cybersecurity expert Pieter VanIperen of Own Company to discuss how understanding human behavior is key to reducing human error in cybersecurity. They explored how leveraging behavioral science, role-based training, and positive reinforcement can transform employees from potential risks into strong defenders against cyber threats. By focusing on gamification, AI-driven insights, and just-in-time training, they highlighted how organizations can build a human-centric cybersecurity culture that reduces errors and enhances overall security. PhishFirewall's innovative approach makes cybersecurity training engaging and effective, turning human error into an organization's greatest defense.
JOSHUA CRUMBAUGH
November 12, 2024
Secure Your Organization in 42 Seconds: Micro-Training Explained
Cyber News

Secure Your Organization in 42 Seconds: Micro-Training Explained

In a recent episode of the "Phishing for Answers" podcast, PhishFirewall's CEO, Joshua Crumbaugh, and cybersecurity expert Norman Kromberg discuss how human-centric approaches can significantly reduce human error in cybersecurity. They explore the power of role-based training, the effectiveness of micro-training through short videos, and the importance of positive reinforcement. By focusing on engaging and tailored training methods, organizations can transform their employees from potential risks into their strongest defense against cyber threats. PhishFirewall leads the way with innovative micro-training solutions that make cybersecurity both accessible and enjoyable for everyone.
JOSHUA CRUMBAUGH
November 9, 2024
Cybersecurity Revolution with Jess Vachon, CISO of PRA Group: How Role-Based Training and Automated Defense Can Shield Your Business
Cyber News

Cybersecurity Revolution with Jess Vachon, CISO of PRA Group: How Role-Based Training and Automated Defense Can Shield Your Business

🚀 New Blog Post: I had an insightful conversation with Jess Vachon, CISO of PRA Group, about revolutionizing cybersecurity through role-based training and automation. Discover how micro-learning and AI awareness are critical in today’s threat landscape, and how solutions like PhishFirewall can shield your business from sophisticated cyber attacks. 👉 Watch the full episode to learn how to fortify your defenses and empower your team!
JOSHUA CRUMBAUGH
November 2, 2024
Question Everything: Redefining Cybersecurity Training with Wendy Nather and Joshua Crumbaugh
Cyber News

Question Everything: Redefining Cybersecurity Training with Wendy Nather and Joshua Crumbaugh

Wendy Nather, a cybersecurity leader, joins PhishFirewall CEO Joshua Crumbaugh to tackle some of the biggest gaps in security awareness. They examine why traditional training often fails, the transformative impact of role-based and AI-driven training, and why users should be viewed as assets rather than weak links. Wendy shares insights from research showing that organizations with targeted, role-specific training see far better outcomes. They also discuss the importance of creating an open environment where employees feel empowered to report security concerns.
JOSHUA CRUMBAUGH
October 30, 2024
Adapting to AI-Driven Threats: Dr. Joshua Scarpino’s Take on Cybersecurity
Cyber News

Adapting to AI-Driven Threats: Dr. Joshua Scarpino’s Take on Cybersecurity

In this episode of Phishing for Answers, Dr. Joshua Scarpino, CISO of TrustEngine, discusses the future of security awareness training. He highlights the importance of personalized, bite-sized training sessions and adapting to AI-driven cyber threats. Dr. Scarpino emphasizes the need for ongoing, relevant training that ties both to employees’ roles and personal lives to create a lasting culture of security. Learn how TrustEngine’s approach mirrors the key strategies that PhishFirewall brings to the table, ensuring your team is always one step ahead of evolving threats.
JOSHUA CRUMBAUGH
October 24, 2024
I Swear I’m Your CFO (Send That Dough)
Cyber News

I Swear I’m Your CFO (Send That Dough)

In a world full of phishing scams and fake requests, “I Swear I’m Your CFO” brings some much-needed humor to an all-too-common scam: the fake boss asking for gift cards. This hilarious and catchy tune teaches listeners a critical cybersecurity lesson—if your CFO is asking for gift cards, it’s definitely NOT your CFO!
JOSHUA CRUMBAUGH
October 19, 2024
The Human Firewall: Building a Culture of Cyber Vigilance
Cyber News

The Human Firewall: Building a Culture of Cyber Vigilance

In this episode of Phishing for Answers, Joshua Crumbaugh interviews Marcos Marrero, CISO of H.I.G. Capital, to discuss the unique security challenges in private equity and how his team has developed a culture of vigilance. Marrero shares a story about a sophisticated fake data room scam targeting their firm, emphasizing the importance of continuous security awareness and employee empowerment. Key takeaways include turning employees into “human firewalls,” fostering a “see something, say something” culture, and simplifying security communication for non-technical stakeholders. PhishFirewall’s AI cyber coach aligns with these principles by providing continuous, role-based training and phishing simulations to strengthen security both in the workplace and in employees’ personal lives.
JOSHUA CRUMBAUGH
October 17, 2024
How to Build a Security-First Culture: Insights from Fred Kwong, CISO of DeVry University
Cyber News

How to Build a Security-First Culture: Insights from Fred Kwong, CISO of DeVry University

JOSHUA CRUMBAUGH
October 15, 2024
Building a Risk-Aware Culture: Insights from Paul Sheth, CISO of the WTA
Cyber News

Building a Risk-Aware Culture: Insights from Paul Sheth, CISO of the WTA

JOSHUA CRUMBAUGH
October 12, 2024
Building a Proactive Security Culture with James Phillips
Cyber News

Building a Proactive Security Culture with James Phillips

In this episode, James Phillips, Principal Consultant at SAPCG, delves into the importance of role-based training and how AI automation is transforming cybersecurity awareness. He discusses the growing sophistication of phishing attacks and how PhishFirewall’s zero-campaign management and AI-driven cyber coach provide a customized and friendly training experience. With micro-training sessions that are less than a minute long, PhishFirewall is the TikTok of cybersecurity awareness, ensuring that employees stay engaged and protected with minimal disruption to their workflow.
JOSHUA CRUMBAUGH
October 11, 2024
The Evolution of Phishing: Personalized Attacks on Your Business Units
Cyber News

The Evolution of Phishing: Personalized Attacks on Your Business Units

In this episode, Christopher Russell, CISO of tZERO Group, explains how attackers are shifting from mass phishing attempts to highly targeted, personalized attacks that mimic normal business communications. Russell emphasizes the importance of role-based training, fostering a supportive security culture, and using phishing simulations to build trust within organizations. Discover how to protect your teams from this new wave of phishing threats and keep your business secure.
JOSHUA CRUMBAUGH
October 10, 2024
Strengthening Security Culture with Steve Cobb, CISO of Security Scorecard
Cyber News

Strengthening Security Culture with Steve Cobb, CISO of Security Scorecard

Join us as Steve Cobb, CISO of Security Scorecard, shares insights on the human side of cybersecurity, building a strong security culture, and tackling insider threats. Don’t miss his expert take on fostering engagement and resilience in today’s evolving threat landscape. #Cybersecurity #InsiderThreats #SecurityCulture #PhishFirewall
JOSHUA CRUMBAUGH
October 9, 2024
The Importance of Empathy in Security Awareness: Insights from Tim Dzierzek, CISO of Aya Healthcare
Cyber News

The Importance of Empathy in Security Awareness: Insights from Tim Dzierzek, CISO of Aya Healthcare

Tim Dzierzek, CISO of Aya Healthcare, shares why employees are the real assets in your defense, how empathy drives better phishing simulations, and why AI-powered, role-specific training is the future of security awareness. Listen to this episode of Phishing for Answers for practical insights on building a human-centered security culture.
JOSHUA CRUMBAUGH
October 9, 2024
If We're Laughing, We're Learning: Mike Crandall’s Unconventional Approach to Cybersecurity
Cyber News

If We're Laughing, We're Learning: Mike Crandall’s Unconventional Approach to Cybersecurity

In this episode of Phishing for Answers, Mike Crandall shares his journey from military service to leading cybersecurity initiatives for small to mid-sized businesses. Mike reveals some of the most interesting phishing tests he’s run, including one where a city employee clicked a link three times a day for a week, trying to claim a gift card! With a background in building secure networks for the Department of Defense, Mike discusses the challenges of building a security culture in organizations, the role of phishing simulations, and the importance of role-based training. He emphasizes the need to change the way we treat users, turning them from the “weak link” into the first line of defense. Whether you’re looking to improve your security awareness programs or better understand how to engage employees in cybersecurity, this episode is packed with practical advice and real-world stories.
JOSHUA CRUMBAUGH
October 3, 2024
Social Engineering and the Human Factor: Why Cybersecurity Must Evolve
Cyber News

Social Engineering and the Human Factor: Why Cybersecurity Must Evolve

In this episode of "Phishing for Answers," Kip James, a cybersecurity expert at the Bureau of Reclamation, shares his journey from the early days of technology as a hobbyist to becoming a seasoned CISO. With over four decades of experience, Kip provides valuable insights on building a culture of security, the human element in cybersecurity, the evolving role of AI, and effective strategies for phishing awareness and employee training.
JOSHUA CRUMBAUGH
October 2, 2024
Elevating Cybersecurity Awareness Training: Insights from Bob Fabien and Joshua Crumbaugh
Cyber News

Elevating Cybersecurity Awareness Training: Insights from Bob Fabien and Joshua Crumbaugh

This blog post recaps the conversation between Bob Fabien and Joshua Crumbaugh, focusing on the importance of human-centric training in cybersecurity. They discuss how behavioral science, micro-training, and simulations can effectively reduce phishing attacks and strengthen organizational defenses.
JOSHUA CRUMBAUGH
October 2, 2024
CMMC Level 2 Contractors: Protect CUI with These Critical Role-Based Training Tips
Cyber News

CMMC Level 2 Contractors: Protect CUI with These Critical Role-Based Training Tips

CMMC Level 2 compliance demands more than generic cybersecurity training—it requires role-specific training to tackle unique risks across your organization. Each department, from Helpdesk to Developers, faces distinct threats based on the data they handle. In this blog, we break down why role-based training is critical for CMMC compliance, focusing on key roles like SOC Analysts, Network Engineers, and HR personnel. We offer practical tips to ensure these roles are prepared to safeguard CUI and meet stringent security standards.
JOSHUA CRUMBAUGH
August 20, 2024
The Shocking Truth About Phishing: Why Good Employees Keep Falling for Scams
Cyber News

The Shocking Truth About Phishing: Why Good Employees Keep Falling for Scams

This blog post explores the concept of learned helplessness in phishing susceptibility, using the story of Mike, a diligent accountant, to illustrate how repetitive, unfair phishing training without feedback can lead even cautious employees to feel powerless and give up. The post argues that “gotcha” phishing simulations set employees up to fail, fostering disengagement rather than improving security awareness. The solution? Just-in-time training and gamification, which provide real-time, constructive feedback and make training both fair and engaging. This shift from punitive tactics to educational, empowering methods breaks the cycle of learned helplessness and strengthens employees’ phishing defenses. The post concludes with a call to action to adopt PhishFirewall’s innovative, automated approach to phishing training.
JOSHUA CRUMBAUGH
August 20, 2024
Understanding Darcula: The New Phishing-as-a-Service Threat
Cyber News

Understanding Darcula: The New Phishing-as-a-Service Threat

Discover how Darcula, a new phishing-as-a-service platform, is revolutionizing cybercrime with easy-to-use phishing kits and sophisticated tactics. Learn why businesses must enhance their security measures to combat this emerging threat and protect their sensitive data.
JOSHUA CRUMBAUGH
May 29, 2024
How AI is Transforming Cybersecurity – And Why You Can’t Afford to Ignore It
Cyber News

How AI is Transforming Cybersecurity – And Why You Can’t Afford to Ignore It

AI is revolutionizing cybersecurity, but it’s also empowering cybercriminals. This post explores how AI advancements by Apple and Microsoft highlight the urgent need for AI-driven defenses. Discover how PhishFirewall’s AI training prepares your team to stop sophisticated phishing attacks and stay ahead of AI-driven threats. Don’t wait—integrate AI into your cybersecurity strategy today!
JOSHUA CRUMBAUGH
May 22, 2024
Judgment Day for Government Agencies: AI-Powered Phishing Attacks on the Rise
Cyber News

Judgment Day for Government Agencies: AI-Powered Phishing Attacks on the Rise

🚨 URGENT ALERT 🚨 PhishFirewall has uncovered a massive surge in AI-powered Adobe Sign phishing attacks targeting state and local government agencies and law enforcement! 😱 These sneaky attackers are using advanced techniques like consent phishing to bypass MFA and gain access to sensitive data. 🕵️‍♂️ Don't let your organization fall victim to these convincing scams! 🛡️ Read our latest blog post to learn how PhishFirewall's can help you stay one step ahead of the bad guys. 💪 #PhishFirewall #AdobeSignPhishing #ConsentPhishing
JOSHUA CRUMBAUGH
May 10, 2024
The Phishing Scam That's Costing Companies Millions: Is Your Business Next?
Cyber News

The Phishing Scam That's Costing Companies Millions: Is Your Business Next?

🚨 New phishing threat alert! 🚨 Fake email chain attacks are costing companies millions, using perfectly spoofed emails that look like real conversations between executives and trusted partners. 😨 These attacks often rely on successful BEC attacks to lend credibility to their schemes, putting your organization at risk. 🕵️‍♂️ Learn more about this evolving threat and how to protect your business in our latest blog post, "The Dangerous Evolution of Phishing: How Fake Email Chains Are Tricking Employees and Stealing Millions." 📚 Don't wait until it's too late – read now and stay informed! 💡 #phishing #cybersecurity #securityawareness
JOSHUA CRUMBAUGH
May 3, 2024
The Surprising Connection Between Consent Phishing and Corporate Deep Fake Scams
Cyber News

The Surprising Connection Between Consent Phishing and Corporate Deep Fake Scams

🚨 Deep fakes are the new frontier of cybercrime, and your business could be next. 🚨 In our latest blog post, we reveal the shocking tactics scammers are using to impersonate CEOs and steal millions. 💰 Plus, we share expert strategies for spotting these sophisticated scams before they strike. 🕵️‍♂️ Don't wait – read "Deep Fakes: The New Frontier of Cybercrime and How to Spot Them" now and arm your employees with the knowledge they need to protect your organization. 🛡️ #deepfakes #cybersecurity #cybercrime
JOSHUA CRUMBAUGH
May 1, 2024
Okta Breach Reveals: It's Time to Hack the Human Psyche, Not Just Systems
Cyber News

Okta Breach Reveals: It's Time to Hack the Human Psyche, Not Just Systems

The recent Okta breach is a stark reminder that the battleground for cybersecurity is not just in the servers, but in the synapses of every employee's brain. 'You can't patch stupid' is a defeatist adage that our industry clings to, yet this breach shows the fallacy of such thinking. Our latest post delves into why a mindset shift is imperative, from outsmarting hackers to outsmarting our own behavioral pitfalls. We argue that the only real fix to the phishing scourge is a revolutionary change in organizational culture, powered by behavioral science. Join us as we explore how ethical hacking and culture change are the duo that can reclaim cybersecurity's future.
JOSHUA CRUMBAUGH
November 7, 2023
New York's Cybersecurity Law: A Deep Dive into Its Strengths and Shortcomings
Cyber News

New York's Cybersecurity Law: A Deep Dive into Its Strengths and Shortcomings

New York's financial sector is now governed by the Second Amendment to 23 NYCRR 500, a set of cybersecurity regulations. While the amendment introduces robust technical and procedural requirements, it notably overlooks the human element of cybersecurity. Behavioral science principles, such as cognitive load theory and spaced learning, emphasize the need for digestible, continuous training. Over 90% of breaches start with human error, yet regulations like this one sideline the human element. For cybersecurity measures to be truly effective, continuous security awareness training must be prioritized, ensuring that every individual is empowered with the knowledge and skills to combat cyber threats.
JOSHUA CRUMBAUGH
November 3, 2023
Consent Phishing: The Wolf in Sheep's Clothing
Cyber News

Consent Phishing: The Wolf in Sheep's Clothing

Consent phishing is a sneaky tactic where hackers pretend to be trustworthy apps or services to trick people into giving them permissions. Once they have these permissions, they can get into real cloud services and steal sensitive data. This post will explain what consent phishing is, how it works, and how to protect against it, with a focus on the innovative solutions provided by PhishFirewall.
JOSHUA CRUMBAUGH
November 2, 2023
Navigating the New NIST Training Guidelines: What You Need to Know
Cyber News

Navigating the New NIST Training Guidelines: What You Need to Know

Unpacking the NIST Cybersecurity Framework 2.0 Public Draft is like unboxing a new gadget—it’s the same but better. The proposed changes in the training requirements are subtle but pinpointed for clarity, trimming any room for misinterpretation. While most vendors miss the mark on role-based training, the new draft illuminates these gaps. Dive in to understand how these changes might be more significant than you think.
JOSHUA CRUMBAUGH
October 27, 2023
Photo Representing how secure Huntsville is

Huntsville: A Beacon for Cybersecurity

Huntsville is a hub of technology and innovation, making it a lucrative target for cybersecurity threats. Learn How Phishfirewall Helps!
Read post
Joshua's interview with Business Insight

Cyber Security Executive 2022 | Joshua Crumbaugh, PhishFirewall | Business Insight Group

Phishfirewall's CEO Joshua discusses current phishing trends with the Business Insight Group!
Watch Now
Photo of Phishing Attack

How AI and Machine Learning are Changing the Phishing Game

Joshua discusses how AI and machine learning are redefining how the industry looks at phishing.
Read post

Learn Why World Leading Advisory Firm, Frost & Sullivan, Recommends Phishfirewall!

Strengthen your Security Awareness Training with Frost & Sullivan's white paper! Gain insights on why training is more effective when you employ an AI-powered SAT program to protect your business. Download this essential resource today!
We care about your data, learn more in our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.