The largest attack surface in any business is the people that make it run. In real-world attacks, employees are relentlessly bombarded with spear-phishing and socially engineered schemes.
Criminals use phishing and other social engineering tactics because it is usually easier to exploit people’s natural inclination to trust than it is to discover ways to compromise a network. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password.
Because people are generally easier to compromise by cyber attackers it is important to continually educate them about the threat vectors that they could be victimized by.
Providing simulated phishing testing, cyber awareness training, and demonstration-based exercises will provide employees with the knowledge they need to detect and prevent these types of attacks.