Awareness Solutions

%91 Attacks start with phishing email
%85 There is a human factor in violations (Verizon DBIR)
60 sn Average first click time
%72 Click-through rate decrease after training
Threat Source

Why Are Technical Defenses Not Enough?

Firewall, EDR, e-posta security katmanı, MFA — kurumlar yıllardır teknolojik security altyapısına yatırım yapıyor. Ancak saldırganlar bu teknolojilerin etrafından dolaşmanın en kolay yolunu keşfetti: targeting people.

Bir employeeın meşru grünen bir e-postadaki bağlantıya tıklaması; fidye yazılımı bulaşmasına, kimlik bilgisi hırsızlığına veya milyonluk dolandırıcılığa kapı açabilir. Bu riski azaltmanın tek yolu bilinç ve it is a change of habit — i.e. realistic simulation and targeted training.

Secure Fors’un yaklaşımı yalnızca “farkındalık sunumu” yapmak değil; kurumunuzun gerçek risk profilini lçmek, zayıf noktaları tespit etmek ve davranış değişikliğini somut verilerle takip etmektir.

Typical Social Engineering Attack Chain
Reconnaissance and Targeting Attacker collects employee information via LinkedIn, website, social media
Sahte E-posta Sendimi Trustworthy-looking domain, familiar sender name, or content that creates a sense of urgency
User Click Average 33% click-through rate — much higher for untrained workers
Credential/Access Hijacking System access via fake login page, malicious attachment or macro
Lateral Movement and Damage Ransomware, data leak, financial fraud or long-term espionage
Application Process

4-Step Phishing
Simulation Cycle

Scenarios generated from real threat examples specific to your organization — measurable results.

Planlama & Senaryo
  • Corporate-specific calendar
  • Industry-specific scenarios
  • Target audience determination
  • Email template design
Simulation Execution
  • All institution / department based
  • Click behavior tracking
  • Password entry tracking
  • Response time metrics
Analiz & Raporlama
  • User based risk map
  • Unit and department score
  • Executive summary report
  • Technical detailed output
Eğitim & Geri Bildirim
  • Notification to all employees
  • Targeted awareness training
  • Email checking guide
  • Reporting culture development
Simulation Scope

What Types of Attacks?
Do We Simulate?

Gerçek saldırı rneklerini taklit eden, kurumunuzun sektrüne ve risk profiline gre uyarlanan senaryo kütüphanesiyle çalışıyoruz.

Email Phishing
Believable content such as fake invoices, internal correspondence, IT security warnings
High Risk
Spear Phishing
Personalized attack scenarios targeting specific individuals
High Risk
SMS/Smishing
Text message-based attacks targeting mobile device users
Orta Risk
Malicious Additional File
Fake attachments containing macros and exploits in PDF, Word, Excel formats
High Risk
Fake Login Page
Phishing pages imitating corporate systems such as Microsoft 365, VPN, ERP
High Risk
AI Powered Social Engineering.
Highly convincing email attacks produced with LLM, free of language errors
High Risk
Raporlama

What Do We Measure?

“Eğitim verdik” demek yetmez. Kurumunuzun security kültürünün nerede olduğunu, nereye gittiğini somut verilerle gsteriyoruz.

🖱️
Click Rate
Percentage of users who clicked on the link in the phishing email — by institution and unit
🔑
Credential Entry
Percentage of employees entering usernames/passwords on fake pages — the most critical risk indicator
⏱️
First Click Time
Time to first click after email is sent — attention level indicator
🚨
Reporting Rate
Percentage of employees reporting suspicious email to IT/security — culture indicator
📈
Periodic Development
Change in click and credential rates over time across multiple simulation cycles
🗂️
Department Risk Map
Which units carry more risk? Finance, HR, IT — unit-based comparative analysis
Company Kazanımlar

To Your Service Institution
What Does It Gain?

It's not a one-off presentation; We are building a measurable, constantly improving security culture.

Makes Invisible Risk Visible

It reveals with concrete data where human-induced cyber risks are concentrated throughout the organization.

Farkındalığı Ölçer & Geliştirir

Employee security awareness level is not just estimated — it is measured with simulation data and its evolution is tracked.

Finds Weak Links Before the Real Attack

Which one clicks, which department is more vulnerable? Find out the answer without an actual attack.

Makes Management Take Action

Risk-based, visual reports accelerate management-level decisions and create budget justification.

Meets Regulatory Obligations

It documents the awareness training obligation defined within the scope of ISO 27001 A.6.3, KVKK article 12, NIS2 and DDO BIGR.

Builds a Culture of Security

When implemented regularly, employees will begin reporting, verifying, and alerting each other to suspicious emails.

What Makes Us Different

Why Secure Fors?

Farkındalık hizmetleri çoğu zaman hazır senaryo kütüphaneleri ve standart sunumlardan ibaret kalır. Bizim yaklaşımımız farklı.

Institutional Scenario Design

Scenarios adapted to your industry, employee profile and current threat intelligence. Not a ready-made template, but a realistic simulation.

Continuous Improvement Model

We show with data that your risk level actually decreases with annual planning, periodic simulation and development monitoring.

Training Focused on Behavior Change

“Farkındalık sunduk” demekle yetinmiyoruz. Trainings psikolojik tetikleyiciler ve gerçek rnek analizleriyle tasarlanır.

Holistic Approach

We evaluate the triangle of people, process and technology together. The awareness service works integrated with our ISMS and TPRM consultancy.

Management Level Reporting

We provide specially formatted, decision-making reports for executives who understand risk and legal liability.

Sectoral Experience

The field knowledge we have gained in different sectors - from THY supplier ecosystem to banking, from aviation to universities.

Regulations Requiring Awareness Training
ISO 27001:2022 — Annex A.6.3 Awareness KVKK Madde 12 — Teknik & İdari Tedbirler NIS2 Directive — Training Obligation DDO Information Security Guide BRSA Information Systems Regulation
We Built Trust

Our References

We provide awareness and security services to institutions in different sectors, from aviation to education, from banking to industry.

Turkish Airlines aviation
TCDD Technical Ulaşım
ABB Bank banking
Yeditepe University Eğitim
Kiwa Türkiye Certification
GTech Teknoloji
Orka Holding Holding
Mitas Sanayi
Doğruer Gıda
Sarnikon Tarım
Take Action

Your Employees Are Real
Ready to Attack?

Öğrenmenin en iyi yolu — zarar vermeden, kontrollü bir ortamda test etmek. Kurumunuzun mevcut insan kaynaklı risk profilini birlikte lçelim.

Get a Simulation Quote Check out the Training Program

Taahhüt yok · Privacy Policy uygulanır · 1–2 iş günü içinde dnüş

Keep Your Brand Secure!

Start working with us now to keep your brand, systems and networks secure.

Get an Offer Now!

Trusted By REFERENCES

Explore the brands that trust us in both security and training processes.

Join Them

Contact us for detailed information about our trainings