Cybersecurity Training
& Education
Address the Human Element of Your Security Program
Empower Your People to Protect Their Organization
No matter how advanced your organization’s security technology is, there will always be risk associated with your workforce.
Human risk is difficult to quantify because stakeholders must consider every type of threat: malicious, negligent and compromised.
Investing in a holistic program to educate and empower everyone who touches your network will inherently reduce risk by increasing awareness and impacting culture.
Investing in the right training and education is essential to ensure that your team has the knowledge and skills to protect your organization from cyber threats. With our cybersecurity training and education program, your people will be empowered to protect your organization from malicious actors and data breaches.
We offer customized training solutions that cover the most important topics, such as network security, risk assessment, incident response, and more. Our program also includes resources for staying up-to-date on the latest threats and best practices. With our training and education, your team will be well-equipped to protect your organization and its data.
AVIH, offers a comprehensive approach to cybersecurity education
Through both general end-user awareness and role-based training. Meaningful, relevant, current training content establishes a solid foundation for your general user base, while simulated phishing campaigns provide insight and create opportunities for risk mitigation.
Our training and education programs cover a wide range of topics, ranging from basic cyber safety and security to more advanced topics such as malware analysis and cyber incident response. We strive to create personalized learning experiences and programs that are tailored to meet the individual needs of our learners. Our instructors are highly qualified and experienced professionals who bring their real-world knowledge and expertise to the classroom.
Our courses are designed to equip individuals and organizations with the knowledge needed to protect their networks and data from cyber threats. Our training and education programs are designed to be both engaging and interactive, ensuring that our learners come away with a better understanding of the cyber security landscape. With AVIH, you can count on comprehensive, up-to-date cybersecurity training and education that will help you stay ahead of the ever-changing cyber threat landscape.
Incorporate Consistency, Variety, Relevance
and Applicability
AVIH, provides comprehensive cybersecurity training and education programs to ensure your staff is knowledgeable and prepared for any cyber threats that may arise. Our training and education programs are designed to provide consistency, variety, relevance, and applicability for all staff.
We emphasize the importance of having a strong foundation in cybersecurity fundamentals, as it is essential for all employees to understand the basics of cyber security. To ensure this, our training and education programs are tailored to provide an in-depth understanding of topics like risk assessment, threat management, data security, encryption, and incident response.
We provide a variety of resources to help staff learn different concepts, such as interactive tutorials, online courses, and webinars. This allows staff to gain a better understanding of the topics and apply them in real-world scenarios.
Moreover, our training and education programs are tailored to stay relevant to the ever-changing cyber threats, as well as to the industry standards and best practices. This ensures that staff are able to keep up with the latest trends and technologies, and are able to apply them in their job roles.
Finally, we make sure that our training and education programs are applicable to the real-world. We provide case studies and practical exercises that allow staff to apply the concepts they have learned and gain hands-on experience.
At AVIH, we are committed to providing comprehensive and effective cybersecurity training and education programs to ensure your staff is knowledgeable and prepared for any cyber threats. Our programs are designed to provide consistency, variety, relevance, and applicability for all staff.
Our goal is to help organizations develop a mature, successful security awareness training program that leads to positive behavior change.
Knowledge retention decreases rapidly without consistent repetition, recall and practice. AVIH Cybersecurity Education programs that include formal courses, informal reinforcement materials and phishing simulations are more effective over time than a single annual training initiative.
Every organization has a different employee culture. AVIH’s Cybersecurity Education courses allow you to address diverse training preferences, distinct organizational cultures and varied assessment opportunities for a greater impact on behavior change than a “one-size-fits-all” approach.
AVIH Variety provides comprehensive cybersecurity training and education for organizations and individuals. Our courses are designed to equip organizations with the knowledge and skills necessary to protect their systems and data from cyber threats. Our courses cover a range of topics, including cyber security fundamentals, risk management, threat detection and response, and data security. We also offer advanced training for experienced professionals. Our instructors are experienced security professionals who have years of experience in the field and can provide insight into the latest industry trends. With AVIH Variety, you will be able to build a strong foundation of knowledge and become an expert in the field of cyber security.
Training that is relevant to specific roles and responsibilities allows employees to better understand their duty in security and then link behaviors to impacts. AVIH’s rich catalog of awareness courses, role-based training and developer training enables you to tailor meaningful programs at a granular level.
Applied training is retained training. Interactive elements in AVIH courses allow learners to immediately apply new skills while phishing simulations provide an opportunity to assess end-user behaviors in a safe, real-world context.
Cybersecurity Education is more than a Compliance Check Box
Historically, security awareness training programs involved an annual window with content driven by compliance requirements. With the evolving threat landscape, this approach is not enough.
Each employee and contractor is a component of your defensive posture, and AVIH Cybersecurity Education programs not only address areas of need but also engage users to embrace and acquire meaningful behavior change.
Cybersecurity education is an essential step to protecting your organization from the ever-growing threats of cybercrime. It's much more than a check box on a compliance form. Investing in cybersecurity education helps your staff understand the risks, threats, and solutions to keep your data secure.
Educating your employees on the fundamentals of cybersecurity can help reduce the risk of a breach or other malicious activity. By teaching your staff the importance of strong passwords, spotting phishing attempts, and understanding the risks associated with working with public Wi-Fi networks, you can help protect your organization from the latest threats.
It's also important to stay up to date on the latest security trends and understand the implications of new technologies. This can help your organization be better prepared for the ever-evolving security landscape.
Cybersecurity education is a key component of a strong security posture. When done correctly, it can help ensure your organization is protected from the latest cyber threats and can help you avoid costly data breaches. Investing in cybersecurity education is an essential part of protecting your organization’s data and reputation.
Learn
We work with your stakeholders to identify appropriate general end-user and role-based trainingto provide meaningful business impacts
and personal relevance to end-users.
Experience
We’ll help create an environment of awareness, including formalized training with reinforcement materials like newsletters, posters, digital images and simulated phishing campaigns.
Transform
Our cyber education program is more than just content – it’s a strategy. We help you transform your organization’s culture into
one of awareness, responsibility.
Start on Your Cybersecurity Education Journey
Are you ready to start your journey towards a career in cybersecurity? If so, you’ve come to the right place. Cybersecurity is one of the
fastest-growing fields in the world, and with the right education, you can be well on your way to a rewarding and lucrative career.
At AVIH, we provide comprehensive courses to get you started in the right direction. Our courses cover everything from basic security
principles and technologies to advanced security topics, and our experienced instructors will give you the knowledge and confidence
you need to become a successful cybersecurity professional.
We also offer hands-on training and certification to ensure you’re up to date on the latest security trends. We’ll help you develop
the skills you need to protect your organization from any potential threats, as well as the expertise to properly respond to any security incidents.
Whether you’re just starting out or have some experience in the field, our courses are designed to help you reach your goals.
Get started on your cybersecurity education journey today and take the first step towards a successful career in this exciting field.
Our aim is to help organizations create a comprehensive and successful security awareness training program that leads to long-term positive changes in behavior. We want to equip organizations with the necessary resources and strategies to ensure their security awareness training is effective, efficient and successful. We strive to help organizations develop a successful security awareness training program that empowers employees with the knowledge and understanding of security best practices, and encourages them to adopt secure behaviors.
Cybersecurity is an essential part of protecting your business from malicious attacks, data breaches, and other cyber threats. However, too often, businesses neglect to invest in education for their employees about how to protect their company from these threats. At AVIH, we believe that cybersecurity education is essential for ensuring that businesses remain safe and secure. We offer a comprehensive suite of cybersecurity training and education services to help your team understand the basics of cybersecurity, recognize potential threats, and stay up-to-date on the latest technology and best practices. Our online and in-person training can be tailored to the needs of your team, allowing them to gain the knowledge and skills they need to protect your business. We also offer a series of one-on-one, targeted sessions to help employees understand specific areas of cybersecurity. We understand that cybersecurity is a rapidly changing field, and we strive to provide the latest information and training to ensure that your business remains protected. With our comprehensive cybersecurity education services, you can rest assured that your team is equipped to recognize and protect against cyber threats.
In addition to their talents, every employee brings their own devices, sometimes networks, and thus their own challenges to IT staff. Basically – new hires mean potential new threats. Security professionals need to embrace new approaches to employee productivity and access yet also keep enterprise data separate from personal data. It’s a delicate balance. In addition to setting up account access and limiting data access by giving permission only where it needs to be, there are further considerations if workers are remote, such as making sure their home network is secure.
The following are a few tips for onboarding employees without onboarding new threats.
Protecting Yourself = Network Protection
Start with early and frequent remote employee security training and awareness seminars that discuss home network security. Include things like:
- Family privacy
- When should a family member share personal information?
- What should they never share?
- Methods for blocking potentially malicious sites
- Open DNS
- Securing a home router and wireless network
- Changing the router’s default password
- How to install anti-virus software on home computers
- Email/phishing awareness for all family members
- Identity protection
- Personally Identifiable Information (PII)
1. Ensure that all mobile devices are updated with the latest security patches.
2. Implement a comprehensive BYOT policy that outlines security and usage requirements.
3. Use a mobile device management (MDM) system to monitor and manage devices.
4. Encrypt all data stored on devices.
5. Require strong passwords and two–factor authentication to access devices and data.
6. Create a secure, designated Wi–Fi network for BYOT access.
7. Restrict access to corporate networks and applications.
8. Make sure all mobile devices are enrolled in a remote wiping service.
9. Educate staff on how to protect their own mobile devices and data.
10. Require regular security assessments to identify and address vulnerabilities.
Protection = Identity and Data Management
Because mobile device management and remote network management are part of your identity and data management program, your security team needs to be operating with cloud-based centralized management and dashboards that provides real-time threat intelligence and visibility.
With the increase in mobile and remote work environments, organizations can be at risk or under threat by not securing devices, access and credentials. Instituting a holistic security strategy and appropriate policies will allow organizations to accommodate the ever-evolving mobile workforce without sacrificing security, data or IP protection.
Business Email Compromise (BEC) Fraud is Exploiting the Cloud
Business Email Compromise (BEC) fraud: It has been officially tracked by the FBI since 2013 and identified in more than 100 countries with losses totaling in the billions of dollars. Unfortunately, BEC is now moving to the cloud. New Tools, Tactics, and Procedures (TTPs) focused on cloud exploitation were discovered in the wild in 2018 with continued maturation into 2019. BEC scammers are taking full advantage of cloud exploitation before the industry implements new cloud-specific solutions against these attacks.
The FBI has identified four distinct phases of BEC:
- Target Acquired – A scammer can identify a target, or it can be leveraged from an existing or previous compromise of a business
- Grooming – This can involve telephone calls, social engineering and, most commonly, a spear phishing email targeting a specific user or a specific organization
- Exchange of Information – Occurs between the scammer and the target
- Wire Transfer – The victim, who thinks the scammer is a legitimate contact, sends money to the scammer.
An Attack Case Study
In the spring of 2018, a new style of BEC fraud took place which exploited the Microsoft Office 365 cloud environment. While traditional security controls on an organization’s typical network architecture work much of the time, the occasional malicious email gets through leading to possible compromise. In this instance, at least two victims in the same company were hit with a targeted spear phishing campaign. Once the emails got through, the scammers pivoted to the cloud to orchestrate the rest of their attack, successfully bypassing security controls in the traditional security environment of the target.
In staging the attack the scammers:
- Created a typo squatting domain. (Think “domainInc.com” instead of the legitimate “domaininc.com” regarding capitalization of the “I”.)
- Created rogue Punycode domains. Punycode domains enable scammers to conceal a possible hostile domain by obfuscating it within ASCII or Unicode representations. A benign example of this conversion is seen with the domain mañana.com translating into the Punycode domain xn—maana-pta.com.
- Created an autodiscover sub-domain for the registered rogue domain to increase confidence in the messaging orchestration as part of the attack.
- Crafted spear phishing emails using the compromised email account through the rogue domain.
- Configured the DNS MX record to increase rogue email reputation and trust.
The attack was launched against multiple users within the targeted organization. At least two of the targets had their email login credentials phished. Security controls were in place to ensure the endpoint did not contain malware, however, e-mail credentials were successfully harvested by the scammers, enabling them to gain remote access to the Outlook 365 (OWA) cloud instance of the compromised email accounts.
Once the scammers had control over the OWA accounts they immediately:
- Created an auto-forwarding rule for the rogue domain emails to control communications if and when the email was used.
- Created an auto-filtering rule for scammer alerting and management of emails in the cloud.
- Filtered data into the RSS Subscriptions directory in the cloud to conceal cloud activity from victims.
- Performed reconnaissance and monitoring of messages to obtain copies of people, processes, and documents critical in the authorization of wire transfers for normal operations with trusted clients and partners.
- Modified documents were created by the scammers where differences were difficult, if not impossible, to detect to the human eye.
Once the scammers had full control over messaging in the cloud and had the modified documents staged, they were able to send emails to and from accounts, as if they were the manager or other roles victimized in the target company, to stage the attack. One example of how to do this is that an organization may require an invoice or wire transfer request to be signed and sent by a manager to one or more individuals internally before being processed. Scammers can control and orchestrate this activity in the cloud until an email chain is successfully constructed or created based upon data and processes available to them. They can then initiate a wire transfer request to their real victim, an accounts payable employee in the target organization.
Normal methods of authentication by accounts payable may involve looking for attachments with appropriate signatures by an external client and internal managers, and an email thread showing authorizations. In our case study, this had been constructed and forged or modified from a legitimate set of transactions so that wire transfers were sent to a rogue account overseas. Once the wire transfer was completed the funds were lost without the hope of recovery.
Wire transfers commonly range in the hundreds of thousands of dollars to over $1 million. It is not uncommon to see multiple transactions attempted or performed for a single relationship abused in such BEC fraud. Some targets have dozens, if not hundreds, of relationships that can be concurrently abused for such BEC fraud while a compromise in the cloud is taking place. This can quickly result in the loss of millions of dollars due to the scale and scope of the fraud and the inability of a target to realize they are compromised.
Additional Challenges
Humans are often the strongest link in the chain of detection for BEC fraud orchestrated in the cloud. For example, in a smaller organization such as a real estate office or bank, individuals may be seated next to one another, thereby having a closer relationship than remote employees and they may ask a coworker about a transfer request. If an unauthorized BEC wire attempt is made, workers in these scenarios are often the ones to detect it, as traditional security measures have been subverted due to a lack of controls and monitoring in the cloud. Once possible fraud has been discovered it is all too common for victims to subsequently use email to notify IT – using the very accounts that are compromised. This is of course monitored by the scammers who are notified of their discovery and take counter actions.
In more than one instance, the exit strategy of a cloud-based BEC fraudster has been to initiate an outbound email spam campaign on a secondary victim account. The strategy results in a large number of spear phishing attacks being sent from the initially targeted and trusted organization to other organizations targeted by the BEC scammers. In these situations, the email distribution could easily involve all contacts for the targeted organization’s compromised email accounts as well as that of targeted accounts identified by scammers for their own custom spear phishing list.
Lessons Learned and Prevention
Traditional BEC fraud is now regularly attacking the cloud for maximum survivability and profit. Security, in the adoption of nascent solutions, is often frequently ignored – this is especially true for those adopting cloud services within the past 18 months. It is rare that an organization prioritizes staging and testing cloud security before hosting data in the cloud.
Humans are often the weakest link in the chain, especially when considering emails and social engineering, but they can also be an organization’s greatest strength. Properly trained staff, with Out of Band Authentication (OOBA) for critical operations such as wire transfers, can successfully stop such attacks.
Incident response must consider cloud and global credential management when responding to an incident. Encryption for sensitive documents requiring a signature also helps prevent data mining by scammers for this type of BEC fraud. Additional controls may also be put into place on the network layer to help monitor and identify typo squatting and Punycode domains. Proactively, security controls need to be placed into the cloud to ensure logging, permissions and monitoring on a regular basis. For this new type of attack method, audit OWA365 regularly for rules related to forwarding and filtering and rules related to data in the RSS Subscriptions directory which should not exist there normally. Additionally, monitoring failed login attempts and successful foreign IP logins is recommended.
Security must be a top priority, especially with the adoption of a new technology or process. As organizations adopt cloud, they must ensure they have included security controls and solutions to manage risk. Stay abreast of ongoing updates to TTPs and threats impacting cloud security, and where possible applying lessons learned as the threat landscape continues to change.