Defend Against Real Threats

Each guide covers how attackers run the threat in 2026, the defensive layers that work, and the training scenarios that build the human reflex.

[Illustration: a central shield with a checkmark deflecting six attack vectors: phishing email, ransomware lock, deepfake face, BEC briefcase, social engineering mask, AI prompt injection]

How we sequence threat coverage

The threat library is sequenced by the empirical breach record, not by what a vendor wants to sell. Phishing leads because it remains the dominant initial-access vector in the Verizon DBIR series. Ransomware follows because it carries the highest single-incident cost and has shifted from opportunistic to vendor-impersonation since 2023. Business email compromise sits beside ransomware in dollar exposure and is still the top FBI IC3 loss category. Social engineering is the parent abstraction; the named groups (Scattered Spider, 0ktapus, FIN7, TA453) all live inside it.

Deepfake and AI prompt injection are newer, but the public-disclosure curve is steep. The 2024 Arup $25 million case redefined the threat for finance and treasury teams. Microsoft 365 Copilot, Slack AI, and Bing Chat have all shipped post-disclosure mitigations for prompt-injection chains that exfiltrated data without a click. We surface both pillars because the defensive controls (verification reflex, agent permission scoping, retrieval allowlisting) are still maturing in most enterprises and need explicit training programs rather than ad-hoc memos.

Each pillar follows the same structure: definition, attacker workflow, real cases with named victims, the defense framework, and the exact training scenarios from the 100+ exercise catalogue that drill the human side. Sources are listed at the end of every pillar so security leaders can cite the same primary research the page does: CISA advisories, FBI joint cybersecurity advisories, NIST publications, IBM and Sophos threat reports, OWASP LLM Top 10, and the Verizon DBIR.

Frequently Asked Questions

What security leaders ask about threat training.

Which threats should a new security awareness program cover first?

Phishing comes first, because it is the most common initial-access vector across the Verizon DBIR data set. Ransomware comes second, because it carries the highest cost when it lands. Deepfake and AI-era threats come third, because the attack volume is rising fast and the defensive controls (callback verification, code-word policies) are still maturing in most enterprises. Covering all three from day one is now the table-stakes program.

How often should each threat be re-trained?

Phishing should be drilled monthly through realistic simulations. Ransomware-adjacent skills (the initial-access lures, incident reporting, backup verification) should be drilled quarterly. Deepfake and AI-era threats should be drilled at least quarterly for finance and executive teams, and twice a year for the full workforce. Annual one-off training is now widely understood to underperform compared to recurring scenario-based practice.

How do these threat pillars relate to the exercise catalogue?

Each pillar is a topic-cluster hub. The pillar explains the threat at a leadership level (definitions, case studies, defense framework, training approach). The 100+ exercise catalogue is where the actual training scenarios live. Every pillar links to the specific exercises that drill the verification reflex for that threat, so a security leader reading the pillar can hand the linked exercises to the team that needs them.

Are these guides specific to the United States, or international?

The guides are written for a global enterprise audience. Statistics from Verizon DBIR, FBI IC3, IBM Cost of a Data Breach, ENISA, and similar sources are global where the data set is global, and US-specific where the source is US-only. Defensive frameworks (DMARC, FIDO2, NIST IR phases) are cross-jurisdictional. Compliance framing (HIPAA, GDPR, NIS2) is called out where it differs by region.

See RansomLeak in Action

Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.