Cyber-attacks have become far more sophisticated. So-called spear phishing exploits have begun to target individual employees or specific organizations, making them nearly impossible to catch with ordinary spam filters. As more traditional security methods failed, more and more organizations looked for a behavioral solution to the problem. And they found that by teaching employees what spear phishing looks like, the employees themselves could become the filters. This bolstering of cybersecurity practices is extremely important, especially today. According to the SANS Institute, nearly 95 percent of all enterprise attacks last year started as the result of a successful spear phishing attempt, or at least had spear phishing as a component. Cyber-criminals know that the employee sitting at the keyboard is the weakest link in the cybersecurity chain and that it’s far easier to socially engineer an individual into giving up sensitive information than it is to directly attack a network. The most successful training against these types of attacks lets employees work through the same steps that a cyber-criminal would take to craft a spear phishing email, to give them an understanding of what the practice looks like, and how effective and convincing these personalized attacks can be.