Train users to detect malicious intent or activity, how to report it, etc.
User training involves teaching end users to be human sensors who know how to recognize cyber threats and the procedures for reporting them. Users can be effective sensors for social engineering attempts, phishing email detection, as well as other cyber threats.
|DOS0018||Users trained and encouraged to report phishing can detect attacks that other defenses do not.|
|DOS0091||Users trained and encouraged to report unsolicited application authorization requests can detect attacks that other defenses do not.|
|DOS0131||There is an opportunity to detect the presence of an adversary by identifying and alerting on anomalous behaviors.|
|DUC0018||A program to train and exercise the anti-phishing skills of users can create "Human Sensors" that help detect phishing attacks.|
|DUC0091||A program to train users on how to recognize and report third-party applications requesting authorization can create "Human Sensors" that help detect application token theft.|
|DUC0236||A program to train users to report emails that they did not send but appear in their sent folder.|
|DPR0061||Train users to immediately report suspicious emails. Those emails could then be used for malware detonation or adversary engagement purposes.|
|DPR0062||Train users to report potentially compromised devices so they can be isolated or migrated into deception networks.|
|T1528||Steal Application Access Token||Credential Access|
|T1534||Internal Spearphishing||Lateral Movement|
|T1585||Establish Accounts||Resource Development|
|T1586||Compromise Accounts||Resource Development|
|T1598||Phishing for Information||Reconnaissance|