Why has CYBR become Pistachio?
It is several reasons to the fact that the CYBR model has gone through a change of heart and become Pistachio. First of all, we and CYBR saw that user-activated training runs, i.e. races where the user had to seek out the training themselves, in the form of video clips and information with associated test material, became too passive. Secondly, it was desirable to be able to offer dynamic training runs as 1) adapts to the user's level, 2) which adapts to the relevant and the current threat picture, and 3) is easy to manage.
Thus, Pistachio has now become the service offered as part of the Digital Workplace service from us.
Healthy security culture and awareness among your users.
Through Pistachio (formerly CYBR) - a modern platform for digital security training.
No one is stronger than their weakest link, and it is still human error that predominates when it comes to letting the attackers through. Human errors, such as us clicking on links, logging in with a username and password on fake websites or otherwise tricking us into giving up information we would otherwise keep close to our chest.
With the new service, Pistachio, education and training are adapted to the individual user's level, and tightens the "difficulty level" as your users become better at exposing the simulated attacks. Where it was previously a pure training course, users now get to test themselves, right in your own inbox.
In connection with the training, it is intended that the user must click a button in each training email to confirm that the content has been read. Pistachio AI thus uses this to pick out other relevant information for the individual user's training course, in the same way that AI retrieves information if a user clicks on a link or provides a username and password through the Pistachio training.
Your users now get learning and training fully integrated into their everyday work tasks. Your users don't have to do anything to get started, they just want to receive e-mails with training in various current topics, and that will also appear phishing attempts in the inbox.
fact Box
- AI-optimized and controlled.
- Simple reporting from the admin panel
- Simulated attacks right in the user's inbox
- Ongoing training adapted to the user's level
- Available in several languages
Example of training material - about cookies
FAQ
-
What do I need to do as a Pistachio admin for my business?
Nothing, really. Everything is automated, and the AI engine provides customized training runs for your users. The only thing that separates you from the other users is your access to an admin panel, where you can retrieve reports and see how your users are doing in their respective training runs. Braathe informs you of how to find the admin panel when your business gets Pistachio activated.
If you have not yet started, you must give us your consent before we can activate the service for you, which you can do in the form at the bottom of this page.
-
Should I inform our users when Pistachio is activated?
This is up to you. Some want, on purpose, for this to come unprepared for the users. Others want to inform so that users are a little more vigilant.
Here is a draft of a text that can be distributed if it is desired to inform about Pistachio:
We have partnered with Pistachio to offer awareness training for our employees.
This means for you:
• Training Emails: You will start receiving emails from training@pistachioapp.com i
your inbox. Just read the emails and click the button at the bottom of the email when you've read through.• Attack simulations: You will occasionally receive simulated phishing attacks that try to trick you into leaking your username and password. Should you get hurt for not revealing these, Pistachio will send you to a web page where you will be given the opportunity to see what you failed to capture. This way you might be able to catch the next attempted attack (and even actual attacks) in the next round.
If you want to know more, please visit Pistachio's FAQ page at pistachioapp.com/faq#training.
-
What is the difference between "clicked" and "leaked"?
You can find this graphic in the admin panel:
Clicked means that the user has clicked on a link in their training run.
Leaked means that the user has entered a username and/or password in their training run. -
Do user statistics and data follow from CYBR to Pistachio?
No. CYBR has been phased out, and Pistachio is now a regular part of your users' everyday working life. Where CYBR had static training runs, with a beginning and a defined end/completion, Pistachio is running, and will work to ensure vigilance in your users as long as the service is activated. This ensures that even newer attack methodologies will get their training runs and your users can be even more on the ball than ever before.
-
Will my users spend a lot of time on training and training?
No. Of course, it depends somewhat on how good the users are at catching phishing attempts and illegitimate e-mails. More vigilance and higher awareness of this will lead to the training run becoming a small part of their everyday life, and for users who struggle to catch it, it may require a little more time.
In that case, you can also capture these through the admin panel, and thus perhaps run some additional work with them - and help them over the edge so that they also become good at defending the company's data. Feel free to contact your customer advisor if you think it might be interesting to have additional security training.
-
Can I change the language for my users, several of our jobs are from places other than Norway?
The language must be changed in Active Directory, and we can do that for you.
Send a user list of users who should have their language set to English to support@braathe.no.
-
How do I disable Pistachio for my business?
You can disable Pistachio, in the upper right corner of the admin panel:
Enable Pistachio for your business?
For you too Desktop, 365 Workplace or a Complete service package from Braathe.
With Pistachio, all your users get access to a modern security training service. You have access throughout your contract period, and new and relevant content is continuously added in line with developments in digital security.
Note that access to Pistachio requires that your package has an Entra ID. If you are in doubt as to whether your services enable access to Pistachio, please contact your customer advisor.
Figures and examples
What does a simulated attack attempt look like, and does this have an effect?
Example of simulated phishing attack:
What effect can simulated attacks have on my business?
