News

Security awareness tips, industry news, and product updates.

Security team reviewing breach data and charts on screens
Security Awareness TipsThreat Intelligence

Verizon DBIR 2026: The Human Element in 62% of Breaches

Verizon's 2026 Data Breach Investigations Report puts the human element in 62% of breaches and confirms attackers are pivoting to mobile and the browser. Here's what it means for your awareness program.

James Thornton·6/18/2026·4 min read
Employee entering text into an AI chatbot on a laptop at work
Security Awareness TipsCompliance & Regulations

Shadow AI: When Employees Leak Company Data to Chatbots

98% of organizations report unsanctioned AI use, and most have no policy to manage it. Shadow AI has become a top insider data-loss risk — and it's a security awareness problem.

Natalie Hoffmann·6/17/2026·4 min read
An interactive security training lesson
Security Awareness TipsProduct Updates

Interactive Training Page Types in empowsec: Part 1

empowsec training is built from interactive page types - not static slides. Part 1 introduces seven of them, from simple info pages and accordions to graded quizzes, scenarios, and drag-to-match exercises.

Sarah Mitchell·6/17/2026·8 min read
IT help desk agent wearing a headset and assisting a caller
Phishing & Social EngineeringThreat Intelligence

Help Desk Social Engineering: Scattered Spider's Front Door

Scattered Spider doesn't hack your MFA — it calls your help desk and talks an agent into resetting it. Here's how help desk social engineering works and how to lock the door.

David Kowalski·6/16/2026·4 min read
Cross-functional team gathered around a conference table running an incident response exercise
Security Awareness TipsCompliance & Regulations

Tabletop Exercises: Rehearsing Your Incident Response

A real breach is the worst time to discover that no one knows who decides whether to pay a ransom. Tabletop exercises expose those gaps in a conference room instead of a crisis.

Marcus Chen·6/15/2026·7 min read
An employee reading a phishing debrief
Security Awareness TipsProduct Updates

Phishing Debriefs: Turn Simulations Into Teachable Moments

A phishing simulation without a debrief is a test with no feedback. empowsec debriefs close that loop by explaining exactly what participants should have spotted - in their own language, at the right time.

Sarah Mitchell·6/15/2026·8 min read
CISO presenting security program metrics to leadership in a boardroom
Security Awareness Tips

Security Awareness Metrics Beyond the Click Rate Alone

Click rate is the metric every program reports and the one that misleads most. Report rate, time-to-report, repeat-clicker reduction and the resilience ratio tell the real story. Here is how to measure and present it.

Lisa Brennan·6/14/2026·7 min read
Security team reviewing a human risk analytics dashboard in an office
Security Awareness Tips

Human Risk Management: Beyond Awareness Training Alone

Annual click-through training checks a compliance box but rarely changes behavior. Human Risk Management replaces it with continuous, data-driven, personalized risk reduction. Here is what that shift looks like in practice.

James Thornton·6/13/2026·7 min read
A simulated phishing landing page used for training
Phishing & Social EngineeringProduct Updates

Phishing Landing Pages, Credential Capture, and Tracking

empowsec tracks every step of a simulated phishing attack - from the pixel that records an open to the fake login form that records a credential submission - and turns each event into a learning opportunity.

Marcus Chen·6/13/2026·7 min read
Employee reporting a suspicious email with one click at their office desk
Security Awareness Tips

The Report Button: Your Highest-ROI Security Habit

One click on a report button can turn every employee into a sensor and shrink an attacker's dwell time to minutes. Here is how to build the process and the blameless culture that make reporting reflexive.

Thomas Eriksson·6/12/2026·7 min read
New employee being welcomed and onboarded on their first day in the office
Security Awareness Tips

Security Onboarding: Protect New Hires From Day One

New hires are eager to please, unfamiliar with the norms, and disproportionately targeted by BEC and impersonation scams. Their first 90 days are the riskiest. Here is how to build security into onboarding from day one.

Elena Vasquez·6/11/2026·7 min read
Scheduling recurring phishing simulations
Phishing & Social EngineeringProduct Updates

Continuous Phishing Simulation: Automate Year-Round Testing

One annual phishing test tells you where your employees stood twelve months ago. Recurring, automated phishing simulation in empowsec gives you a continuous, accurate picture of where they stand today.

Sarah Mitchell·6/11/2026·7 min read