
It started with a phish...
Many users still don't realise what happens behind the scenes when they click on a malicious attachment or URL. They've been warned not to open suspicious attachments or URLs, but often don't know why.
Users don't have to know the technical intricacies of attacks like ransomware.
However, a basic understanding does help, because it gives meaning and relevance to the warning "don't open suspicious attachments".
IT security awareness staff are responsible for simplifying this process as much as possible. Ideally, the process (below) should be turned into an engaging storytelling narrative that will resonate with most users. And, of course, you drop the technical jargon...
Initial Phishing Email - Self-explanatory
Internal Phishing Email - A potentially malicious email from a colleague you already trust
Domain Access - Somebody who holds the keys to the network
GPO Policy - The master switch for your network
Crypto-Ransomware - Software that makes ordinary computer files inaccessible
Detonation - Self-explanatory
When users have a basic understanding of a threat actor's process, they will see why some emails from colleagues can be potentially dangerous. They will understand why some employees (e.g., developers and IT support staff) are targeted more than others. They will understand why the sudden disabling of their EDR software is potentially more serious than they thought. This understanding strengthens your organisation's security culture and lowers your information security risk.