Implement Cyber-Attack Awareness Training | Motivations & Tactics | GBAF

Implement Cyber-Attack Awareness Training | Motivations & Tactics | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Business > BUILDING CYBER AWARENESS: WHAT I WOULD DO FIRST!

BUILDING CYBER AWARENESS: WHAT I WOULD DO FIRST!

Published by Gbaf News

Posted on June 17, 2016

3 min read

Last updated: January 22, 2026

Cybersecurity training session focusing on employee awareness and cyber threats - Global Banking & Finance Review — An engaging training session on cybersecurity awareness for banking employees, highlighting the importance of understanding cyber threats and data protection. This image emphasizes the need for employee education on cyber-attacks to prevent data breaches.

Implement Attack Awareness Training for All Employees

Stephen Gates

Stephen Gates

Begin with deep-dive training on how cyber-attacks work. Few employees, if any, actually understand the difference between a virus, worm, Trojan, exploit, vulnerability, phishing, smishing, drive by, malvertising, adware, spyware, and ransomware attacks. Educating employees about how cyber-attacks work builds awareness to the constant risk they face from cyber threat actors. If the training is done right, using real-world examples and hands-on scenarios, the likely results would be better educated employees and team building as well. Two benefits for the price of one.

Second, include training on the motivations and tactics attackers utilise and what they are likely to target. Most attackers are motivated by money and understand that gaining access to sensitive data is often like hitting the mother lode. Employees need to recognise the value of sensitive data and understand that it must be protected at all costs. One simple click is all that is needed to compromise a system, gain access, and move laterally in an organisation. Your click may have opened up the passageway for entry into your network. Employees are often the catalyst that results in a data breach.

Implement a No-Punishment Policy

Many cyber-attacks go unnoticed because employees are less than motivated to report suspicious activity on their computers, accounts, and data. Often an employee clicks, something strange happens on their computer, and they’re afraid to report it due to a host of different reasons. Fear of feeling imprudent, the backlash of public ridicule, the violation of Internet usage policies, and other negative outcomes thwarts the sharing of important intelligence. Institute policies that actually reward employees for coming forward, reporting questionable activity, grabbing screen shots, and sharing the steps that were taken during a suspected hack. This valuable intelligence will help security and forensics teams in their investigations, as well as limit the potential damage of the hack.

Monitoring Your Results

Monitoring employees does not often provide the intended result. People try to enforce policies, but they end up looking like the computer police. No one likes to be monitored while online. Instead, set up a test “attack process” with different scenarios. Phish your own employees to see if they’ll click. Tell them ahead of time to expect an attack, and remedial training will be required if they fall for one. If they don’t fall for it, and report the attempt appropriately, publicly reward them for being prudent. Soon you will have employees that are part of the solution, and no longer part of the problem.

About the Author:

Stephen Gates is a key research intelligence analyst with NSFOCUS IBD. He has been instrumental in solving the DDoS problem for service providers, hosting providers, and enterprises in North America and abroad. Steve has more than 25 years of computer networking and security experience with an extensive background in the deployment and implementation of next-generation security solutions. Steve is a recognised Subject Matter Expert on DDoS attack tools and methodologies, including next-generation defence approaches.