Cyberdise AG

Blog – EN

Creating ClickFix Exercises with Cyberdise Behavioral Defense Engineering

Cybercriminals have become remarkably good at bypassing technical security controls. Rather than exploiting software vulnerabilities, many modern attacks exploit something much easier: human behavior.
One of the fastest-growing examples is ClickFix. Instead of asking users to click a malicious attachment, attackers guide them through what appears to be a legitimate troubleshooting or verification process. The victim ultimately executes the malicious action themselves.
For security awareness teams, this represents an important shift. Traditional phishing exercises are still valuable, but they no longer cover the full spectrum of modern social engineering. Organizations increasingly need a ClickFix simulation that prepares employees for these interaction-driven attacks before they encounter them in production. This article shows how to create one in Cyberdise Awareness — from scenario selection to delivery and measurement.

A Paradigm Shift in Cybersecurity: CYBERDISE Establishes “Behavioral Defense Engineering” to Combat AI-Driven Threats

For years, the global cybersecurity industry has been fighting the right problem with the wrong methods. While traditional security awareness programs have focused on theoretical knowledge transfer for two decades, measurable organizational risk remains consistently high. A joint study by CYBERDISE and the Lucerne University of Applied Sciences and Arts (HSLU) scientifically confirms what practice has long shown: more knowledge does not automatically translate into secure behavior when employees are targeted by real, psychologically optimized attacks.

The Next Giant Leap: Why It Is Time to Redefine Human Cybersecurity

There are defining moments in the evolution of a company that change everything. Today is one of those days for us at CYBERDISE. We’ve been very close to the market for the past three years. Even when we started, we knew that the awareness industry was heading in a direction we didn’t fully understand back then.

We now clearly understand the market’s needs and pains and know exactly where to go next. Following intensive development and extensive market analysis, we are making a monumental shift forward: we are transitioning from traditional security awareness to Behavioral Defense Engineering (BDE).

Microsoft Defender Attack Simulator: Strengths, Weakness and the Reality of Security Awareness

Microsoft Defender for Office 365 includes its own phishing simulation and awareness platform called Attack Simulation Training. Because it is deeply integrated into Microsoft 365, many organizations automatically assume it is the logical choice for phishing simulations and employee awareness.
And honestly: in some areas, Microsoft Defender Attack Simulator is very good.
But there is also another side that organizations should understand before replacing specialized awareness platforms completely.
This article is intentionally balanced. There are clear advantages — but also structural limitations that become visible very quickly in larger or more mature security environments.

AI: The World’s Greatest Pentester — And Why It Has to Be This Way

What happens when software is no longer attacked only by humans, but by synthetic actors that think differently than we do?

Claude developer Anthropic made headlines last week with the internal release of a new model called Mythos. It is said to be exceptionally good at finding bugs and vulnerabilities in software. Due to these capabilities, Anthropic is refraining from a public release for now and instead aims to work with large tech companies and governments to prevent misuse.

It remains unclear how realistic and actually exploitable many of these vulnerabilities are… at least for humans.

Free Phishing Template and Information Security Courses in CYBERDISE Freemium

Which free templates for attack simulations can I use? Which free cybersecurity courses help me train my employees?

With CYBERDISE Freemium, we offer a free tool for phishing simulations. With it, you can not only run phishing exercises, but also train your employees with cybersecurity courses. And the best part is that you can edit all templates and adapt them to your specific needs – exactly as required for genuine awareness!

NIS2 Is in the Budget – Not Yet in the Systems

A new study conducted by CIO / CSO / Computerwoche (based on 324 interviews with senior IT decision-makers across DACH, conducted November–December 2025) paints a clear picture: NIS2 is reshaping how organisations think about cybersecurity. But compliance and actual resilience are still far apart.

Below are the findings we think matter most – and what they mean for how you approach security awareness and human risk.