Contextual Security Awareness Training for IA Group

Sarah Morrison
0
January 1, 2025
Comment

Executive Summary

Cyber threats don’t wait, and neither should security awareness training. IA Group, a leading provider of workforce solutions across Australia, recognised the need to move beyond generic security training and build a security-conscious workforce capable of identifying and responding to modern cyber threats. Partnering with Morrisec for the second year in a row, IA Group sought a customised security awareness training program tailored to the latest threat landscape, their industry-specific risks, and internal security challenges.

Unlike traditional, static security awareness programs, Morrisec delivered an interactive, gamified, and highly engaging training experience, designed to cater to various learning styles. By focusing on real-world attack demonstrations, hands-on exercises, and scenario-based learning, IA Group saw a noticeable shift in security awareness and proactive employee behaviour. This case study explores how IA Group’s security culture was strengthened through targeted, practical, and engaging security training.

We engaged Morrisec for our annual Cyber Security training because of their expert knowledge, hands on approach, and up to date insights, ensuring our people stays ahead of emerging threats both in the business and their personal lives.

Andrew Whitelegg

CEO, IA Group

The Challenge: Moving Beyond Canned Training

Organisations often implement general security awareness training only to find that traditional, one-size-fits-all programs lack engagement and fail to drive meaningful change in employee behaviour. Challenges include:

Lack of Relevance

Generic training does not address specific threats facing the organisation’s industry and specific business.

Low Engagement

Employees often find the training boring and uninspiring.

Missed Learning Opportunities

Traditional methods do not cater to different learning styles, leaving some employees disengaged and disinterested.

Limited Real-World Impact

Training lacks practical demonstrations of real cyber threats, reducing retention and application of knowledge.

 

IA Group required a security awareness program that would captivate employees, address specific organisational risks, and drive long-term behavioural change.

The Solution: A Bespoke, Interactive Approach to Security Awareness

Morrisec worked closely with IA Group to design a custom security awareness training program, ensuring that every aspect was relevant, engaging, and impactful. The key differentiators of the program included:

  • Threat-Led Training: Morrisec analysed the current cyber threat landscape, aligning training content with global, industry-specific, and company-specific threats.
  • Gamification & Hands-On Learning: Training incorporated interactive challenges, real-world attack demonstrations, and role-based scenarios to ensure high engagement.
  • Tailored Learning Modalities: The program was designed to suit all learning preferences, incorporating reading, writing, interactive participation, and presentations.
  • Real Attack Demonstrations: This year’s training featured live demonstrations of attacks, including a Man-in-the-Middle (MitM) attack, to show employees exactly how cyber threats operate in real time.
  • Security Culture Reinforcement: Beyond technical knowledge, the training emphasised critical thinking, proactive security habits, and an open security dialogue within IA Group.

The Result: A Stronger Security Culture & Employee Engagement

One of the most effective exercises we ran in 2024 was having staff craft their own phishing emails against a volunteer. By thinking like a threat actor, they saw firsthand how easy it is to gather information from social media and craft highly convincing attacks. This hands-on approach transformed their understanding of phishing and made the lessons stick.

Dr Sarah Morrison

Co-CEO, Morrisec

Following the Morrisec-led training, IA Group experienced tangible improvements in security awareness and engagement, including:

  • Increased Phishing Awareness & Reporting – Employees became more vigilant and proactive in identifying and reporting phishing emails.
  • Improved Incident Response Mindset – The training fostered confidence in recognising and responding to security threats, reducing risky behaviours.
  • High Engagement & Positive Feedback – Employees actively participated, with many sharing that the interactive nature of the training helped them better understand security concepts.
  • Sustained Behavioural Changes – IA Group saw a lasting impact, with employees continuing to discuss security best practices long after the training concluded.
" MRP has given us guidance, that we did not have before, on exactly what we need to do to implement CPS 234 effectively. MRP has really revolutionised our approach to CPS 234 compliance. "
Eleni Cacomanolis, CISO
" MRP has given us guidance, that we did not have before, on exactly what we need to do to implement CPS 234 effectively. MRP has really revolutionised our approach to CPS 234 compliance. "
Eleni Cacomanolis, CISO
Active Super
" Collaborating with Sarah and the Morrisec team on our journey towards ISO 27001 certification has been an exceptional experience. Their expertise guided us deftly through the intricacies of policy creation, execution, internal auditing, and the entire certification process. Their support has been indispensable, and their professional approach has made them an absolute delight to work with. "
Chris Horn, CFO / Co-Founder
" Collaborating with Sarah and the Morrisec team on our journey towards ISO 27001 certification has been an exceptional experience. Their expertise guided us deftly through the intricacies of policy creation, execution, internal auditing, and the entire certification process. Their support has been indispensable, and their professional approach has made them an absolute delight to work with. "
Chris Horn, CFO / Co-Founder
Toustone
“The training was both insight and concerning, as it highlighted how easily individuals can fall victim to scams. The session was well-structured and easy to understand. As a result, we are now more cautious when encountering emails and attachments, links, or calls from unknown numbers. This increased awareness will undoubtedly help protect the company from potential security threats."
Nhi Le
“The training was both insight and concerning, as it highlighted how easily individuals can fall victim to scams. The session was well-structured and easy to understand. As a result, we are now more cautious when encountering emails and attachments, links, or calls from unknown numbers. This increased awareness will undoubtedly help protect the company from potential security threats."
Nhi Le
IA Group
"I found it very interesting to understand how easy it is for hackers to gain access to our devices, and learning even small methods to implement such as removing public WIFI when it’s no longer in use etc is so beneficial."
Dalena Pham
"I found it very interesting to understand how easy it is for hackers to gain access to our devices, and learning even small methods to implement such as removing public WIFI when it’s no longer in use etc is so beneficial."
Dalena Pham
IA Group
"One of the most impactful aspects for me was how the session emphasised the severity of cybersecurity threats, both personally and professionally. It really helped me understand that cyberattacks are not just a risk to the company but also to my personal information and digital security. The presentation highlighted how even small mistakes, like weak passwords or clicking on phishing emails, could lead to significant consequences - not only for the company but also for my own personal data and privacy. It was eye-opening to see how these security breaches could result in drastic...
Hazel Membrere
"One of the most impactful aspects for me was how the session emphasised the severity of cybersecurity threats, both personally and professionally. It really helped me understand that cyberattacks are not just a risk to the company but also to my personal information and digital security. The presentation highlighted how even small mistakes, like weak passwords or clicking on phishing emails, could lead to significant consequences - not only for the company but also for my own personal data and privacy. It was eye-opening to see how these security breaches could result in drastic financial and reputational damage to a company, which makes me more conscious of how my actions online can contribute to protecting both my own information and the organisation as a whole.”
Hazel Membrere
IA Group
"I liked the visual example of password complexity vs time it takes to hack the passwords."
Larissa Vendramini
"I liked the visual example of password complexity vs time it takes to hack the passwords."
Larissa Vendramini
IA Group
" Just want to say a big thank you for helping us raise our awareness of cyber attacks, and for tailoring the sessions to suit each of our studios 😊 The sessions were very fun and insightful. It's worth mentioning that everyone has become extra cautious with emails lately, and we occasionally receive requests from staff to verify the legitimacy of certain links and attachments. We are also becoming more careful with unknown numbers calling us. "
Nhi Le
" Just want to say a big thank you for helping us raise our awareness of cyber attacks, and for tailoring the sessions to suit each of our studios 😊 The sessions were very fun and insightful. It's worth mentioning that everyone has become extra cautious with emails lately, and we occasionally receive requests from staff to verify the legitimacy of certain links and attachments. We are also becoming more careful with unknown numbers calling us. "
Nhi Le
IA Design
“The training was both insight and concerning, as it highlighted how easily individuals can fall victim to scams. The session was well-structured and easy to understand. As a result, we are now more cautious when encountering emails and attachments, links, or calls from unknown numbers. This increased awareness will undoubtedly help protect the company from potential security threats."
Nhi Le
“The training was both insight and concerning, as it highlighted how easily individuals can fall victim to scams. The session was well-structured and easy to understand. As a result, we are now more cautious when encountering emails and attachments, links, or calls from unknown numbers. This increased awareness will undoubtedly help protect the company from potential security threats."
Nhi Le
IA Group
"I found it very interesting to understand how easy it is for hackers to gain access to our devices, and learning even small methods to implement such as removing public WIFI when it’s no longer in use etc is so beneficial."
Dalena Pham
"I found it very interesting to understand how easy it is for hackers to gain access to our devices, and learning even small methods to implement such as removing public WIFI when it’s no longer in use etc is so beneficial."
Dalena Pham
IA Group
"One of the most impactful aspects for me was how the session emphasised the severity of cybersecurity threats, both personally and professionally. It really helped me understand that cyberattacks are not just a risk to the company but also to my personal information and digital security. The presentation highlighted how even small mistakes, like weak passwords or clicking on phishing emails, could lead to significant consequences - not only for the company but also for my own personal data and privacy. It was eye-opening to see how these security breaches could result in drastic...
Hazel Membrere
"One of the most impactful aspects for me was how the session emphasised the severity of cybersecurity threats, both personally and professionally. It really helped me understand that cyberattacks are not just a risk to the company but also to my personal information and digital security. The presentation highlighted how even small mistakes, like weak passwords or clicking on phishing emails, could lead to significant consequences - not only for the company but also for my own personal data and privacy. It was eye-opening to see how these security breaches could result in drastic financial and reputational damage to a company, which makes me more conscious of how my actions online can contribute to protecting both my own information and the organisation as a whole.”
Hazel Membrere
IA Group
"I liked the visual example of password complexity vs time it takes to hack the passwords."
Larissa Vendramini
"I liked the visual example of password complexity vs time it takes to hack the passwords."
Larissa Vendramini
IA Group

Why Morrisec’s Security Awareness Training Stands Out

As a trainer, my goal is to ensure every session is engaging and directly applicable to the organisation’s security challenges. We don’t just present information—we simulate real threats, encourage discussion, and take security out of the shadows and make it a tangible thing. Seeing participants actively engage, ask questions, and apply what they’ve learned in their daily work is the most rewarding part of delivering this type of training.

David Morrison

Co-CEO, Morrisec

Most security awareness training is commoditised – generic, one-size-fits-all content that fails to engage or address the specific risks your organisation faces. At Morrisec, we take a different approach.

  • Not One-Size-Fits-All – Each training program is tailored to the organisation’s industry, threat landscape, and unique risks.
  • Gamified & Interactive – Engaging exercises ensure employees stay involved and retain key lessons.
  • Multi-Modal Learning – Training is designed for all learning preferences, ensuring maximum impact.
  • Delivered by Educators – Our trainers have a strong teaching background, having experience teaching at high schools, TAFE, and universities, making security accessible to all audiences.
  • Proven Success – Organisations like IA Group return year after year because the training works.

What stood out the most from the training was the discussion and demonstration of various hacking and scamming methods. It highlighted how easily individuals can obtain or download the necessary software and equipment to carry our malicious acts. This increased our awareness of how to protect ourselves.

IA Group

Looking to Build a Security-Conscious Workforce?

If your organisation is struggling to make security awareness engaging and impactful, Morrisec’s custom security awareness training can help. Whether you’re just starting your security journey or looking to improve your existing training, we provide tailored, effective solutions that drive real change.

 

Contact us today to discuss your security awareness needs.

Case Study
Sarah Morrison

Sarah Morrison

Sarah is the Co-CEO of Morrisec. With over 20 years in cybersecurity and a PhD in Russian information operations, Sarah has a deep understanding of threat actors and their tactics and motivations, making her highly equipped to assist organisations in their defence against them.
The Final Countdown for PCI DSS 4.0.1 Best Practices

The Final Countdown for PCI DSS 4.0.1 Best Practices

Mar 25, 2025

​When PCI DSS version 4.0 was released in March 2022, it introduced a range of updates designed to modernise payment security and address evolving threat landscapes. Among these changes were 48 new requirements that were initially classified as best practice — giving...

Cyber Security Act 2024 – Frequently Asked Questions (FAQ)

Cyber Security Act 2024 – Frequently Asked Questions (FAQ)

Mar 21, 2025

Although the Cyber Security Act 2024 appears as a significant shift in the trajectory and expectations of Cyber Security practices in Australia, there are a few questions that begin to arise when attempting to completelty understand the new legislation. According to...

Cyber Security Act 2024

Cyber Security Act 2024

Mar 18, 2025

The Cyber Security Act 2024 was assented to on November 29, 2024, with key provisions commencing on November 30, 2024, and others coming into effect within the next 6-12 months by proclamation. This Act marks a significant and reformative shift in Australia’s...

0 Comments