How standardized behavior creates predictable targets — and what to do about it
The attacker did not break anything.
He read the training manual.
Not yours specifically. The industry's. The same curriculum running inside tens of thousands of organizations worldwide — the same modules, the same simulated phishing, the same rules of thumb delivered to employees who will behave, predictably, exactly as they were trained.
He read it. Then he built his attack around it.
The Paradox at the Center of Security Awareness
Security awareness training exists to make employees predictable in a good way: predictably skeptical, predictably cautious, predictably compliant.
The problem is that predictability in defense is a targeting system for offense.
When every employee in every organization trained on the same framework behaves the same way under the same conditions, the attacker does not need to study your organization. He needs to study the framework. The training does not just teach employees how to be safe. It teaches attackers what to expect — and more precisely, where trust is assumed rather than verified.
Every place a standard says employees should trust X, an attacker reads: here is your entry point.
What the Training Actually Teaches
How standardized behavior creates predictable targets — and what to do about it
The attacker did not break anything.
He read the training manual.
Not yours specifically. The industry's. The same curriculum running inside tens of thousands of organizations worldwide — the same modules, the same simulated phishing, the same rules of thumb delivered to employees who will behave, predictably, exactly as they were trained.
He read it. Then he built his attack around it.
The Paradox at the Center of Security Awareness
Security awareness training exists to make employees predictable in a good way: predictably skeptical, predictably cautious, predictably compliant.
The problem is that predictability in defense is a targeting system for offense.
When every employee in every organization trained on the same framework behaves the same way under the same conditions, the attacker does not need to study your organization. He needs to study the framework. The training does not just teach employees how to be safe. It teaches attackers what to expect — and more precisely, where trust is assumed rather than verified.
Every place a standard says employees should trust X, an attacker reads: here is your entry point.
What the Training Actually Teaches
Walk through any standard security awareness curriculum and read it the way an attacker would.
"Download software only from official sources."
Employees learn: GitHub is official. The vendor's documentation page is official. Microsoft's download portal is official.
The attacker learns: create presence on GitHub. Occupy the category of source the training has already marked as trusted. The employee's own training will do the authentication for him.
This is exactly what happened in the EtherRAT campaign. The attackers did not compromise GitHub. They created repositories that looked like what employees had been trained to expect at a trusted source. The platform's legitimacy transferred to the payload. The training pointed employees toward a category — the attacker moved into that category and waited.
"Verify that files are signed before running them."
Employees learn: a signed file is a safe file.
The attacker learns: get a signature. Code signing certificates are obtainable. A signature verifies identity, not intent. The training has taught the employee to stop at the signature — which means everything beyond the signature is, by design, invisible. The check is the blind spot.
"Be suspicious of unexpected emails from unknown senders."
Employees learn: known senders are safer than unknown ones.
The attacker learns: become a known sender first. Compromise a vendor. Compromise a partner. Send the payload from an address the target's inbox already trusts. The training has drawn a bright line. The attacker steps over it — using the line itself as guidance on where to position.
In each case, the training does not fail because it is wrong. It fails because it is right in a way that is fully legible to the attacker.
The Uniformity Problem
The deeper issue is not any single piece of bad advice. It is uniformity at industrial scale.
When security behavior is standardized across an industry, the attacker's cost structure changes fundamentally. He no longer needs to study each target organization individually. He builds one attack that works against the trained behavior pattern, and it scales horizontally across every organization that completed the same curriculum.
This is the exact inverse of what defenders intended. They wanted scalable protection. They achieved it — and so did the attacker. The same standardization that makes training cost-efficient for defenders makes exploitation cost-efficient for attackers.
The NIST framework, the CIS controls, the ISO 27001 requirements — these are public documents describing exactly how compliant organizations behave. An attacker who reads them does not see security guidance. He sees a map of expected defensive behavior, annotated with the locations where trust is assumed and inspection stops.
Consider what NIST SP 800-50 recommends: role-based training tailored to job function, with consistent messaging across the organization. Sound advice for consistency. Also a precise description of how employees in Finance will behave differently from employees in IT — and how to craft a payload tuned for each role's specific training profile. The framework that makes training manageable for the CISO makes targeting manageable for the attacker.
Three Mechanisms of Exploitation
1. Trust Laundering Through Legitimate Platforms
Training teaches employees to trust certain platforms categorically: GitHub, Google Drive, Dropbox, DocuSign, Slack. These platforms are legitimate. The training is not wrong to point employees toward them.
But categorical trust in a platform is not the same as trust in content hosted on that platform. Standard training rarely makes this distinction explicit — doing so would create cognitive overhead that defeats the purpose of a rule of thumb.
The attacker exploits the gap without needing to compromise anything. He hosts malicious content on a trusted platform and inherits the platform's credibility. The employee's trained response — this came from a legitimate source — fires correctly on the wrong target. The platform becomes an unwitting authentication layer.
2. Compliance Theater as a Precision Instrument
Organizations train employees to perform security rituals: check the padlock, verify the sender domain, look for HTTPS, hover over links to preview destinations. These rituals have genuine value — and a precise ceiling.
When the ritual is performed and passed, the employee experiences psychological release. The check is done. The box is ticked. Vigilance drops at exactly the moment the attacker needs it to drop — after the surface check, before the deeper inspection that would surface the real threat.
The attacker does not try to hide from the ritual. He designs his attack to pass it. The ritual becomes a gate he holds open for himself — and the training has taught employees that passing the gate means the journey is safe.
3. Social Engineering the Training Itself
This is the mechanism that receives the least attention, and it is the most dangerous.
Employees who have completed security awareness training carry a specific mental model of what an attack looks like. It looks like the simulations they practiced. It has urgency. It has a spoofed sender. It has a suspicious link. It asks for credentials immediately.
An attacker who knows this model builds an attack that does not match it. No urgency. A sender the employee recognizes. A link to a legitimate platform. No request for credentials — only a request to install a collaboration tool, review a shared document, approve a routine task.
The employee pattern-matches against his trained model of "attack" and finds no match. He concludes the interaction is legitimate. The training has not made him safer. It has given him a detailed mental image of what danger looks like — and the attacker has read the same training materials to know precisely what that image excludes.
The simulation was a known test. The attacker did not take it. He read the answer key.
What the Industry Gets Wrong
The security industry has two dominant responses to training failures, and neither addresses the root cause.
Response 1: More training, more frequently.
If awareness training is not working, increase the dose. Quarterly instead of annual. Mandatory instead of optional. Gamified, tracked, certified.
The Verizon 2025 DBIR, based on over 22,000 incidents across 139 countries, delivers the data point that should end this argument: the median click rate on phishing simulations remains at 1.5% even after repeated, ongoing training cycles. The researchers stated plainly that "the failure rate was unaffected by training." Human involvement persists in approximately 60% of all confirmed breaches — a number that has not meaningfully shifted despite years of expanded awareness programs.
More training, uniformly delivered, produces more uniform behavior. It does not reduce the attacker's ability to exploit that uniformity. It scales the attack surface alongside the curriculum.
Response 2: Better simulations, harder tests.
If employees are failing phishing simulations, make the simulations more realistic. Use spear-phishing with real names and current events as lures. Track click rates. Flag repeat offenders.
In May 2025, Coinbase disclosed a breach that cost the company between $180 million and $400 million in remediation and customer compensation costs. The attack did not use phishing. Attackers recruited and bribed customer support contractors — people with legitimate system access — to exfiltrate internal data over an extended period. The threat did not look like a phishing simulation because it was not one. It looked like a normal workday for an insider who had decided to monetize their access.
No simulation library prepared anyone for that. And earlier in the same year, Unit 42's incident response data across 700+ cases found that more than one-third of social engineering intrusions involved non-phishing techniques entirely — SEO poisoning, fake system prompts, help desk manipulation, and voice phishing that surged 442% in the second half of 2024 compared to the first half.
These attacks succeed not because employees failed their simulations. They succeed because the attacks were specifically designed to look nothing like them.
The simulation is a known test. Improving the test does not help against an attacker who does not sit for it.
A Different Model
The goal of security awareness training has been, implicitly, to produce compliance — employees who can pass a simulation and check the right boxes.
Compliance training teaches: if you see X, do Y. The attacker studies the mapping between X and Y, then presents X without the actual threat, or presents the threat in a form that does not trigger recognition of X.
The alternative is training that produces reasoning — employees who can evaluate situations the training never anticipated. The attacker cannot study a reasoning process he cannot predict, because a reasoning process does not reduce to a fixed input-output mapping.
The distinction is not theoretical. It is a concrete design choice about what security training is trying to build.
Three practical shifts move organizations toward reasoning-based security culture:
Vary the behavior, not just the content. Standardized procedures are legible to attackers who have read the standards. For high-sensitivity decisions — wire transfers, credential resets, software installations — introduce deliberate variation in verification channels, approval paths, and timing patterns. An attacker who has studied the standard procedure finds no standard procedure to exploit. Variation is not inefficiency. It is unpredictability, which is the only property that compliance cannot provide.
Teach the attack model, not only the defense checklist. Employees who understand why trust laundering works — not just what phishing looks like — can generalize to attacks they have never seen. Show them the EtherRAT campaign and explain the layers of trust that were exploited. Show them the compliance theater mechanism and where vigilance is designed to drop. Give them the attacker's reading of the training manual, and let them see what it reveals. A defender who has read the attacker's map cannot be navigated by it in the same way.
Train suspicion of the familiar, not only recognition of the strange. The most effective social engineering feels normal. It fits the trained pattern perfectly. An employee who has been taught that danger looks a specific way will relax when something matches that pattern exactly — and that relaxation is a signal worth examining, not a reassurance. The uncanny valley of security is not the obviously suspicious. It is the frictionlessly expected.
The Map Is Public
The insight from EtherRAT extends further than one campaign.
Every published security framework describes, with precision, how a compliant organization behaves. Every standardized training curriculum describes, with precision, the mental models employees carry, the checks they perform, and the moment their vigilance releases.
These documents exist to make defenders more consistent. They succeed. They also make defenders legible to anyone willing to read carefully — which describes every sophisticated attacker operating today.
The training manual is public. The simulation library is reverse-engineerable. The compliance checklist is downloadable.
The attacker has read all of it. The Coinbase contractors knew the internal procedures well enough to move undetected for months. The vishing operators calling help desks in 2024 and 2025 knew the identity verification scripts well enough to talk past them in real time. They were not guessing. They had studied the expected behavior — and the expected behavior held no surprises for them.
The question is whether the people defending the organization have read their own procedures the same way — not as a list of things to implement, but as a map of what they will predictably do, and where that predictability ends and actual security begins.
Trust is not a control. Verified, variable, reasoning-based behavior is.
The organizations that understand this distinction will build security cultures that do not compress into a targeting profile. The ones that do not will keep expanding their training budgets and their attack surface simultaneously — measuring completion rates and click rates while the attacker reads the curriculum, studies the procedures, and plans for the employees who passed every test.
He is not waiting for someone to fail.
He is building for the ones who succeeded.
"Be suspicious of unexpected emails from unknown senders."
Employees learn: known senders are safer than unknown ones.
The attacker learns: become a known sender first. Compromise a vendor. Compromise a partner. Send the payload from an address the target's inbox already trusts. The training has drawn a bright line. The attacker steps over it — using the line itself as guidance on where to position.
In each case, the training does not fail because it is wrong. It fails because it is right in a way that is fully legible to the attacker.
Top comments (0)