Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Leadership Team

Meet the MetaCompliance Leadership Team

Careers

Join Us and Make Cybersecurity Personal

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The Benefits of Customised Role-Based Security Awareness Training

Role-based Security Awareness Training

about the author

Share this post

Role-Based Security Awareness Training tailors training materials and delivery mechanisms to fit the role of an employee and reduces the cyber risk associated with that role.

The world is a complex and diverse place and the people within it are a melting pot of abilities, skills, and attitudes. Within a company, this diversity is often put to good use by creating specific roles that leverage these different abilities and skills.

The fact that people work in specific roles in an organisation is not lost on cybercriminals. Fraudsters often tailor their attacks based upon the target. For example, Business Email Compromise (BEC) attacks typically involve a focus on employees in senior roles and in the role of accounts payable. Fraudsters tailor phishing campaigns or other social engineering attacks to reflect the job title of an individual, in doing so, they leverage intrinsic human traits such as trust, to ensure success.

However, if fraudsters use role-based social engineering and phishing to improve the success of their cyber attacks, then two can play that game.

Role-Based Security Awareness Training to Stop Role-Based Phishing

Cybercriminals like to make sure any campaign they design will be a success: they know that the more tailored a phishing email is, the more likely it is the target will believe the email is real and then click a malicious link or act on the email request to change bank and send money urgently, etc.

Spear-phishing is often the weapon of choice when a cybercriminal targets a specific role in an organisation. This form of phishing features highly tailored messaging to manipulate certain types of employees. Typical roles that are subject to spear-phishing attacks are:

  • C-level executives and executive assistants
  • Payroll
  • HR
  • Finance and accounts payable
  • Privileged users

C-Level executives and executive assistants:Whaling” and BEC (Business Email Compromise) fraud focus on the C-Level executives in a target organisation. The fraudsters may also target the executive assistants, using social engineering and spear-phishing to gain access to the CEO’s email account or other personal information. Compromised or spoof CXO emails are used to initiate the BEC fraud.

Payroll department: fraudsters target payroll employees who manage employee salary payments, to redirect money to a scammer’s bank account. For example, the fraudster may spoof an employee’s email asking for payroll to change their bank account details.

Human Resources (HR): HR resides over highly confidential and personal information. This makes that role at risk of spear-phishing campaigns looking to gain access to data that can then be leveraged in further attacks. HR then becomes part of a more complex, multi-step, fraud attempt, such as BEC and payroll fraud; an HR employee may be duped into revealing information about a C-Level executive or another employee to gain the intelligence needed to carry out the fraud.

Finance and accounts payable: the department that holds the purse strings make an obvious target for cybercriminals. BEC fraud, for example, often ends up at the door of accounts payable. But there are many types of fraud that focus on this role. Accounts payable fraud is widespread and one report found that 50% of small businesses in the UK were exposed to this type of fraud, either from internal or external threats.

Privileged users: cybercriminals target privileged users as they have the ‘keys to the corporate castle’. Privileged users are given access rights to sensitive areas of a network, and as such, they offer a direct route into that network for any cybercriminal that can trick them into handing over their credentials or downloading malware. One report found that 63% of organisations feel privileged users present the highest risk of insider threat.

Simulated Phishing Within Role-Based Security Awareness Training Programs

Simulated phishing is a great way to educate employees about phishing and cyber threats. By tailoring the simulated phishing messages to roles within your workforce you can simulate the same tactics used by cybercriminals when targeting a specific group within an organisation. This makes the phishing simulation more real and specific to that individual’s role.

To perform role-based phishing simulations, a platform must support phishing templates that can be tailored on a per-role basis. For example, role-based phishing titles reflect the types of roles that are often targeted by spear-phishing.

Examples of Role-Based Phishing Attacks

Privileged user target: The Lazarus hacking group is infamous for the WannaCry ransomware attack in 2017. More recently, the group has used targeted phishing campaigns, based on spoof job offers, that focus on privileged users. One of the most recent was the targeting of a cryptocurrency platform system administrator. The system administrator received a phishing document in the guise of a job offer via their personal LinkedIn account.

Accounts payable: Facebook and Google were scammed out of over $100 million by a fraudster who targeted employees at the two tech giants by using spear-phishing emails aimed at certain user roles.

Salary mandate fraud: phishing campaigns that involve the theft of employee paychecks are an ideal feeding ground for financially motivated scammers. Often, fraudsters will send out emails to HR or Payroll staff with a bank account change request. The phishing email often spoofs a real employee and includes their email signature and appears to be from an internal company domain. If the change is made, the employee’s salary is paid to the fraudster’s bank account.

Reasons to Tailor Security Awareness Training

Spear-phishing is a favourite of the role-focused fraudster and is very successful because of the targeted nature of this type of phishing. According to a report from Symantec, spear-phishing is used as the main vector in 65% of cyber attacks. By targeting specific employee roles cybercriminals can create multi-step, complex scams that work.

Role-Based training programs and associated role-based simulated phishing provides a tailored program for education that beats cybercriminals at their own game. Teaching employees about the exact nature of phishing and social engineering scams that specifically targets their role, empowers those employees with the knowledge to carefully scrutinise emails and other communications.  

The Benefits of Security Awareness Training Customisation

Customising security awareness training offers significant advantages by addressing the unique risks and challenges faced by different roles within an organisation. Generic training programmes often fall short of adequately preparing employees for the specific cyber threats they are most likely to encounter in their daily tasks. Customised training ensures that employees receive relevant and targeted education that speaks directly to the types of phishing attacks, social engineering tactics, and other cyber risks that are most pertinent to their roles.

By tailoring the training to individual departments and job functions, organisations can create a more engaged and informed workforce, enhancing the overall effectiveness of the security programme. The key benefit of security awareness training customisation is that it strengthens employees’ ability to recognise role-specific threats, reducing the chance of costly security breaches. It also ensures compliance with industry-specific regulations and fosters a proactive security culture across the business.

MetaCompliance offers customised, Role-Based training programmes designed to target the unique security risks of each role and each department. Explore how our departmental security awareness training can provide the specialised knowledge your different teams need to stay secure.

Security Awareness Training for Third-Party Vendor

Other Articles on Cyber Security Awareness Training You Might Find Interesting