employee security training

3 posts with the tag “employee security training”

Credential Stuffing: How Leaked Passwords Work

Credential stuffing attack visualization showing a breached database, an automated bot, and multiple login forms being tested

In January 2024, a security team at a mid-size SaaS company noticed something odd. Over a single weekend, their authentication logs showed 340,000 failed login attempts across employee and customer-facing portals. The attempts came from thousands of IP addresses, rotating every few requests. Buried in the noise: 47 successful logins.

None of those 47 accounts had been brute-forced. The attackers already had the correct passwords. They had purchased a batch of stolen credentials from a 2023 breach of an unrelated service, and 47 employees had used the same email and password combination for both.

This is credential stuffing. Not a sophisticated exploit. Not a zero-day. Just a bet that people reuse passwords, and that bet pays off roughly 0.1% to 2% of the time. At scale, that is enough.

Ransomware Awareness Training for Employees

Ransomware attack visualization showing encrypted files, a locked padlock, and a ransom note countdown timer

A finance team member opens a PDF labeled “Q4 Invoice Reconciliation.” The file came from what looks like a known vendor. Thirty seconds later, file extensions on her desktop start changing. Documents she opened yesterday now end in .locked. Programs freeze. A full-screen message appears with a Bitcoin address and a 48-hour countdown.

She pulls her ethernet cable. Calls IT. Does not touch the power button.

That instinct saved her company roughly two weeks of recovery time, because she had trained for this exact moment.

15 Cyber Security Activities for Employees (That Don't Suck)

Cyber security activities for employees - team collaboration on security challenges

Most security awareness programs fail for the same boring reason: they’re boring.

Employees sit through a 45-minute video about password hygiene, click “Next” through a quiz, and forget everything before lunch. You know it. They know it. The phishing click rates prove it.

The fix isn’t better videos. It’s getting people out of their chairs and into scenarios that feel real. The 15 activities below are ones we’ve seen work in actual companies, with actual skeptical employees, producing actual measurable improvements. Some take 15 minutes. Some need a full hour. All of them beat another compliance slideshow.

If you want a broader look at cybersecurity training exercises and how to structure a program, we covered that separately. This post is the practical playbook: specific activities you can run this week.