Threat Library

Defend Against the Threats That Actually Hit Enterprises

Each pillar covers what the threat is, how attackers run it in 2026, real-world cases, the defensive layers that work, and the training scenarios that build the human reflex.


What are the most common cybersecurity threats facing enterprises?

The most common cybersecurity threats hitting enterprises are phishing, ransomware, and AI-driven attacks like deepfake voice and video fraud. The Verizon 2024 Data Breach Investigations Report attributes 68% of breaches to a non-malicious human element, and the FBI Internet Crime Complaint Center logged $12.5 billion in reported losses for 2023, with business email compromise alone accounting for $2.9 billion.

Ransomware remains the costliest category. IBM Cost of a Data Breach 2024 puts the average breach at $4.88 million, with ransomware-related incidents averaging $5.13 million. Deepfake-driven fraud crossed the $25 million threshold in the 2024 Arup case, where a finance worker authorized a wire transfer after a video call with what appeared to be the company's executives. Regula 2023 reported that 49% of organizations had encountered deepfake-based fraud.

Defense relies on layered controls. Technical layers include phishing-resistant MFA (FIDO2 and passkeys), DMARC at p=reject, immutable offline backups, and EDR with behavioral detection. Human layers require recurring scenario-based simulations, role-tuned training for finance and executives, and a one-click reporting culture. Each pillar below maps the threat to the exact training scenarios that build the verification reflex.

How we sequence threat coverage

The threat library is sequenced by the empirical breach record, not by what a vendor wants to sell. Phishing leads because it remains the dominant initial-access vector in the Verizon DBIR series. Ransomware follows because it carries the highest single-incident cost and has shifted from opportunistic to vendor-impersonation since 2023. Business email compromise sits beside ransomware in dollar exposure and is still the top FBI IC3 loss category. Social engineering is the parent abstraction; the named groups (Scattered Spider, 0ktapus, FIN7, TA453) all live inside it.

Deepfake and AI prompt injection are newer, but the public-disclosure curve is steep. The 2024 Arup $25 million case redefined the threat for finance and treasury teams. Microsoft 365 Copilot, Slack AI, and Bing Chat have all shipped post-disclosure mitigations for prompt-injection chains that exfiltrated data without a click. We surface both pillars because the defensive controls (verification reflex, agent permission scoping, retrieval allowlisting) are still maturing in most enterprises and need explicit training programs rather than ad-hoc memos.

Each pillar follows the same structure: definition, attacker workflow, real cases with named victims, the defense framework, and the exact training scenarios from the 100+ exercise catalogue that drill the human side. Sources are listed at the end of every pillar so security leaders can cite the same primary research the page does: CISA advisories, FBI joint cybersecurity advisories, NIST publications, IBM and Sophos threat reports, OWASP LLM Top 10, and the Verizon DBIR.

Frequently Asked Questions

How security leaders prioritize threat training

Which threats should a new security awareness program cover first?

Phishing comes first, because it is the most common initial-access vector across the Verizon DBIR data set. Ransomware comes second, because it carries the highest cost when it lands. Deepfake and AI-era threats come third, because the attack volume is rising fast and the defensive controls (callback verification, code-word policies) are still maturing in most enterprises. Coverage of all three on day one is now the table-stakes program.

How often should each threat be re-trained?

Phishing should be drilled monthly through realistic simulations. Ransomware-adjacent skills (the initial-access lures, incident reporting, backup verification) should be drilled quarterly. Deepfake and AI-era threats should be drilled at least quarterly for finance and executive teams, and twice a year for the full workforce. Annual one-off training is now widely understood to underperform compared to recurring scenario-based practice.

How do these threat pillars relate to the exercise catalogue?

Each pillar is a topic-cluster hub. The pillar explains the threat at a leadership level (definitions, case studies, defense framework, training approach). The 100+ exercise catalogue is where the actual training scenarios live. Every pillar links to the specific exercises that drill the verification reflex for that threat, so a security leader reading the pillar can hand the linked exercises to the team that needs them.

Are these guides specific to the United States, or international?

The guides are written for a global enterprise audience. Statistics from Verizon DBIR, FBI IC3, IBM Cost of a Data Breach, ENISA, and similar sources are global where the data set is global, and US-specific where the source is US-only. Defensive frameworks (DMARC, FIDO2, NIST IR phases) are cross-jurisdictional. Compliance framing (HIPAA, GDPR, NIS2) is called out where it differs by region.

Where can I see the underlying threat definitions?

Each pillar references the corresponding glossary entry on /glossary/, which gives a 600-word focused definition with examples and defense bullets. The pillar is the long-form guide; the glossary entry is the quick reference. Both are kept in sync.

Train Your Team Against These Threats

Book a 30-minute walkthrough. Tell us your top three threat priorities. We will scope the exercise sequence and rollout timeline.