For those that are not yet “in the know”, attack simulation is an advanced computer security testing method which identifies vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors.
Attack simulation training lets you run benign cyber attack simulations on your organization to test your security policies and practices – Microsoft.
While some may stage a good argument on the negative effects of attack simulations, it still remains confirmed and proved that a greater percentage of breaches happen because of human error mainly “biting the bait”. Untrained users can not identify a phishing email and one will eventually click on a phishing link thereby downloading malware or worse still provide their login credentials which eventually gives access to bad actors.
With that in mind, it is crucial to train or assess the level of cyber awareness of your users in a safe environment. This gives you an idea of which users to train more or which specific area to concentrate on.
There are many solutions out there, free and paid which can be used but I find it quite fascinating that Microsoft provides this service along with your subscription of Exchange online (may be subject to certain plan).
Simply visit https://security.microsoft.com/attacksimulator and tada you have a full fledged dashboard to launch various campaigns and see the reports as the simulation runs. Here below are some of the attacks currently offered:
- credential harvest,
- malware attachment
- link attachment
- link malware
- drive-by url
You also have the option of assigning the user a course after they’ve failed the test. These are short awareness videos which help users on different aspects. Happy user training.