M1017 - User Training

User Training involves educating employees and contractors on recognizing, reporting, and preventing cyber threats that rely on human interaction, such as phishing, social engineering, and other manipulative techniques. Comprehensive training programs create a human firewall by empowering users to be an active component of the organization's cybersecurity defenses. This mitigation can be implemented through the following measures:

Create Comprehensive Training Programs:

• Design training modules tailored to the organization's risk profile, covering topics such as phishing, password management, and incident reporting.
• Provide role-specific training for high-risk employees, such as helpdesk staff or executives.

Use Simulated Exercises:

• Conduct phishing simulations to measure user susceptibility and provide targeted follow-up training.
• Run social engineering drills to evaluate employee responses and reinforce protocols.

Leverage Gamification and Engagement:

• Introduce interactive learning methods such as quizzes, gamified challenges, and rewards for successful detection and reporting of threats.

Incorporate Security Policies into Onboarding:

• Include cybersecurity training as part of the onboarding process for new employees.
• Provide easy-to-understand materials outlining acceptable use policies and reporting procedures.

Regular Refresher Courses:

• Update training materials to include emerging threats and techniques used by adversaries.
• Ensure all employees complete periodic refresher courses to stay informed.

Emphasize Real-World Scenarios:

• Use case studies of recent attacks to demonstrate the consequences of successful phishing or social engineering.
• Discuss how specific employee actions can prevent or mitigate such attacks.

ATT&CK ID

M1017

STIX ID

course-of-action--2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a

Name

User Training

Connected AI records

1