Best Blogposts 2017

Top 5 Blog Posts of 2017

When we look back on 2017, it is really hard to grasp all the transformations in which our world finds itself. Blockchain, the beginning of the end of the internal combustion engine in the car, autonomous drone deliveries and global malware attacks were in the spotlight in 2017. Technology changes the world. LUCY Security is also a technology company and we look back to the end of the year, which were the five most popular blog posts that were in our spotlight.


1st Place: Setup Phishing attack – Your first Phishing simulation

Setup your own Phishing attack within minutes due template based wizards. If you want to find out how vulnerable your people are to phishing scams , you should opt for the powerful and free LUCY Community Edition. Watch the screencast how it’s done.


2nd Place: It takes you 2 Minutes to create and send out a Ransomware Simulation

Setup and execute a Ransomware attack simulation in just two minutes thank to LUCY Server. The software provides different infrastructure assessment templates for malware simulations. You can check until what extend a ransomware attack would be possible in your organization. In addition there is a ransomware alike phishing attack template available who locks the users computer.


3rd Place: The Who is Who in Information Security

An overview and ranking of the 150+ most influencial blogs  and content contributors in the area of Cyber Security: This article includes rankings based on the Alexa position and based on Twitter followers. The full study can be downloaded in PDF format.


4th Place: Create an Run Malware Simulations with LUCY Server

Setup and run different types of malware attack simulations with LUCY: In a set of screencasts we show you how you can execute vulnerability scans, ransomware simulations, remote console posts and many more! Have a look on the 5 videos!


No. 5: New or Improved Testing and Learning Content with the Phishing Awareness and Attack Scenario Update

New Phishing Awareness Training Content and updated Attack Scenarios. We put our spare time into producing new and highly valuable phishing awareness training content: Videos, Courses and even Exams.  Read the full article.


We are pleased that our video contributions have been particularly well received by our readers. We would like to thank our loyal readers and wish everyone a great 2018!






Vote for LUCY at the Cyber Security Awards 2018

Help us with one click! Cyber Security Awards 2018

We ask you for support: Vote for LUCY in the Cyber Security Awards 2018! (Quicklink here)

Vote for LUCY at the Cyber Security Awards 2018: Picture with a beautiful landscape in SwitzerlandThe community, the opinions of our users and the support of the base are very important to us. We take our environment seriously and that’s why we have invented a LUCY User Group. Why? Because we are convinced that not only a top product is needed, but also a good environment in order to be able to compete successfully on the market.

Awards or prizes are not vital for survival, but they represent our position on the market to a certain extent. It is also fun and enjoyable to not only maintain satisfied and win new customers, but also to win a prize from time to time!

That’s why we ask you for supporting us, we are happy about your vote! Hopefully LUCY will become a finalist of the Cyber Security Awards 2018!!

Happy Phishing and Training, Oliver & Palo


100% of those present want to participate again! A brief review of the LUCY Connect User Conference 2017

With a dream rating of 3.9 (out of 4) and more than 73% of feature requests put on the the development list, the first LUCY User Group conference was a complete success!


During the it-sa fair in Nuremberg on 10.10.2017 the first event with active customer participation was held as the first international cyber prevention summit.

Company Key Note from Robert Bosch

“Cyber Resilience as a Silver Bullet?” The keynote presentation by Patrick Zeller from Robert Bosch GmbH on the topic Cyber Resilience (Wikipedia) was very interesting and enriching. It showed that a modern security dispositive must necessarily expect successful security incidents. In order to ensure the security and ultimately the integrity of the IT landscape, state-of-the-art security concepts and their implementation must be

  • Based on realistic assumptions and possibilities,
  • Holistic (i. e. all-embracing, the whole IT-Landscape) and
  • Being able to react dynamically to a wide variety of threat scenarios when dealing with them.

Outlook on future LUCY versions, exchange of experience and development proposals – Following the keynote speech, LUCY founder Oliver Münchow gave an insight into the development focus of future LUCY versions. The further development of the LUCY server, especially with regard to the functionalities around the “Behavorial E-Mail Threat Management” (BTM) was well received. In joint workshops, best practices and experiences in dealing with phishing tests, employee awareness measures and best practices related to technical configuration aspects of the LUCY server in data center environments were exchanged.

73% of the submitted development requests for LUCY servers were included in the development list – the workshop part was completed with the collection of development requests for new LUCY features. Not only feature requests were collected, but the heads of LUCY development  also determined which development requests are effectively transferred to the development list! The customer input was so good that 73% of the development requests from LUCY Connect participants were transferred to the customer list.

Impressive results of the LUCY Connect satisfaction survey – The results of the satisfaction survey of the first user conference on cyber prevention, awareness and security testing speak for themselves:

We are proud to have received such a great feedback! Thank you very much.


Virtual LUCY Connect / LUCY Connect @ RSA2018 / LUCY Connect Europe 2018 – The positive feedback from LUCY Security and our LUCY Eco System Partners has encouraged us to continue supporting the customer base and the community. Safety is always a collective achievement! And the integration in a strong community helps Allen.

That’s why the LUCY Connect is being continued: In January 2018, a first attempt with a virtual edition of the LUCY Connect will be launched. In April 2018, the first North American LUCY Connect will be held as part of the RSA Conference San Francisco, before the second European event will take place in the summer of 2018.


About LUCY Connect – LUCY Connect as a user conference and cyber prevention summit is to strengthen all participants: learn from the experiences of other users at workshops, share your development wishes for LUCY, find out intimate details about future product versions and benefit from the unique network of the LUCY Community. Find out more on the conference website.

Infosec trade shows are not dead!

Have IT fairs become obsolete? No, absolutely not! [Video]

Unexpectedly high visitor interest for the LUCY Testing and Awareness Server at it-sa 2017.

Three days in Nuremberg. Three people at the booth. There’s always something going on. Demos are made, questions answered and business cards exchanged. Lunchtime will be cancelled and at the end of the first day the first printed matter will be sold out.  The young company LUCY Security started to exhibit at IT-Security fairs / tradeshows in year 3 of its existence. The stand at this year’s it-sa is already the fourth appearance of this year. Every exhibition has been a success so far! The interest was great everywhere, you could make a lot more LUCY presentations than normal and you could feel the pulse of the market at every trade show!

Itsa – The pulse of the information security market is pounding! Or maybe he’s even furious. With 630 exhibitors and just under 13,000 visitors, the it-sa trade fair 2017 in Nuremberg was able to record an increase of more than 25% in both key figures compared to the previous year! All of these visitors felt at LUCY’s stand; -) In any case, the interest was enormous and we don’t regret the decision to exhibit at the probably most important European Security Fair in any way.

LUCY Security is on the right track with its product: Employee awareness will become a key InfoSec topic of the year 2018, we are convinced! The 45 seconds clip below gives a good impression of the fair:


The LUCY Security exhibition calendar 2017:

  1. SIGS Technology Conference, Regensdorf, Switzerland.
  2. Public IT Security Conference (PITS, 12 und 13 September, Berlin, Germany (Messebeitrag / Presentation: „Strategies against Social Engineering”).
  3. Internet Security Days, Fantasialand Brühl, Germany.
  4. it-sa 2017, 10.10.2017 – 12.10.2017, Nürnberg, Germany (Press Release: Growth).
  5. Swiss Green Economy Symposium 2017 (SGES), 30.10.2017, Winterthur, Switzerland.


Coming next

….and it-sa 2018: We’ll be back!


100% of the major US companies have an IT security program: Results of the CISO Survey 2017

The situation in the largest market for simulated Internet attacks and IT security awareness testing is absolutely clear: Social engineering for educational purposes has become a regular activity at US companies. Phishing simulations are part of their daily business!

The results of the LUCY CISO survey among IT security representatives of renowned US companies speak for themselves:

  • 100% of the CISOs / IT security officers interviewed stated that they maintain a program to raise awareness of Internet risks among employees in their company
  • 100% of respondents stated that they used training videos to maintain employee awareness
  • With the exception of one person, all respondents have requested that they conduct phishing tests (phishing simulations) in their company
  • More than 90% of respondents stated that their companies use automated threat analysis systems[1] (cyber risks)
  • Less than 10% of respondents stated that malware and ransomware simulations[2] are performed in their companies

Conclusion: In the USA, it has been recognized that not only the IT systems need to be protected, but also the employees have to be’ imumunized’ through ongoing training. This is the only way to ensure sustainable and improved protection against cybercriminality. Offers for such activities become widespread. The offering turns into a commodity as the market.

Survey: On the occasion of the Security Shark Tank held in Palo Alto on October 5,2017, LUCY Security conducted a survey among a group of 24 American CISOs. The survey focused on phishing testing, employee awareness and alerting in threat situations. The number of respondents is not sufficient for a statistically relevant study. Nevertheless, the CISO survey clearly shows the market situation in the USA who is the largest Security Awareness Testing and Training Market.



[1] This corresponds to the Threat Analyzer und (neu) dem Threat-Mitigator

[2] This corresponds to Malware- und Ransomware-Simulation in LUCY (Malware Simulation Toolkit)


IT Security Tutorial Content available for free download in LUCY

New IT-Security Tutorials and Videos available for Free Download in LUCY

Download the new set of security tutorial video’s and brand new phishing attack templates for LUCY Server. Big free content upgrade 2017-09 is available now for everybody.

We have heard from some customers that they would like to use shorter versions of our popular videos. LUCY Security meets this demand with the big content update 09/2017. Not only are rich media security tutorials and videos delivered, but also brand new attack templates for phishing simulations. The content was tested and improved by our pilot customers. We can only recommend the videos: Don’t only run Mock Phish Campaigns, but also educate your staff with security tutorials from LUCY!

No. 4 this year – This is already the fourth content update this year. The software actually counts 97 phishing simulation templates, 38 awareness trainings, 16 educational videos and 16 file based attack templates and everything is included for free in LUCY Server.

Spam Unsubscribe – Spammers sometimes just send an email to get the user to click on the unsubscribe link in order to verify their email address. In this scenario we simulate such a SPAM message with an unsubscribe link.


Payment reminder template for mock phish with lucyPayment Reminder (Payoner) – The recipient gets a reminder of a payment, which is due. Clicking on the “reject” button allows the user to start a dispute.



it security tutorial is available for free download in lucyEmail Security Video – Short Version -In this short (~1 minute) security tutorial video we talk about email security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable. More info about customization can be found here:


password security video - it security tutorial is available for free download in lucyPassword Security Video – Short Version – In this (~1 minute) security tutorial video we talk about password security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.


physical security video short - it security tutorial is available for free download in lucyPhysical Security Tutorial Video – Short Version – In this (~ 1 minute) security awareness video we talk about physical security risks. We also have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.


Infosec Tutorial Video - This IT security tutorial is available for free download in lucyLucy Phishing Educational Video – Short version – This is a 1 minute educational video about phishing attacks. Every video scene can be customized (e.g. custom branding) and translated into additional languages.  This video allows you to track if the user watched the video.


Mobile Security Tutorial VideoMobile Security Tutorial Video 1.1 – Short Version – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphone & laptop). Length: ~ 1 Minute, Audiences and Skill Levels see above and please note that all video’s can be fully customized. More info:


ransomware tutorial videoRansomware Tutorial Video – Short Version – In this short video (~ 1 Min) we talk about the ransomware threats. Since the NotPetya and WannaCry attacks of 2017, this video is very popular!


Security Tipps Tutorial Video by LUCYSecurity Tips Tutorial – Short Version – In this short (~ 1 minute) security tutorial video we have put together a few security tips, which involve best practices and policies that promote security. The content (animation, language, script) is customizable.


Microsoft receipt tutorial from LUCY SecurityMicrosoft Receipt Mock Phish Attack Template – This is a file based only scenario without a landing page containing a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the build in browser. No data is transmitted. You will have the ability to track, who executed the macro.


Avoid Phishing Attacks TutorialAvoid & Recognize Phishing Attacks (Remake 09/2017: Version 2.1) – In this static course we describe the different phishing types (MASS-SCALE PHISHING, SPEAR PHISHING, WHALING, VISHING, SMISHING, SOCIAL MEDIA PHISHING) and give the user practical tips. All content is 100 % customizable. Duration: 5-10 Minutes.

Security Awareness Videos, Tutorials, Trainings and Quizes from LUCY – everything is included!

By the way: If you want to translate the video into your local language, we do this for only 350 USD….

Inaugural LUCY User Group Congress and Cyber Prevention Summit 2017

Inaugural LUCY Connect Conference

LUCY at it-sa 2017 exhibitor

Meet LUCY and other true heroes from 10-12 October 2017 at the it-sa in Nuremberg

  • LUCY Security as an exhibitor and forum speaker at the second largest IT security exhibition in the world. Meet the founders, let the product show you live and convince yourself personally of the top solution.

Meet LUCY and other true heroes at it-sa in Nurembergit-sa is the number 1 in Europe for IT security. The increasing trend towards digitization and networking is placing ever higher requirements on data and systems security. In view of the increasing amount of areas open to attack, it-sa as the annual highlight is presenting sector-specific security solutions. With over 10,000 trade visitors and 489 exhibitors, it-sa is Europe’s largest expo for IT security. In 2017 the experts from LUCY will be present for the first time as well, and the high-profile supporting program completes the event in an wonderful way.

Live Demo! In the forum LUCY Security will perform a live demo: “Set up, execute and analyse a personalized Spear-Phishing Simulation with integrated malware.”

Hall 9-130: LUCY Security will exhibit in Hall 09-130. You can visit LUCY’s contribution to the Forum on 10.10.2017 at 4:30 pm.



MEET LUCY & TRUE HEROES on Europe’s biggest IT security stage! 10 – 12 October 2017 Nuremberg.

More documents:

floorplan it-sa 2017 with LUCY Security - Stand 09-130

Where to find LUCY at it-sa 2017: Hall 9 Stand 09-130

PITS 2017 - Public IT Security im Hotel Adlon Berlin 12/13. September 2017

LUCY at PITS 2017: “The best action against social engineering is own social engineering!”

Have you ever prepared and launched a phishing attack in 15 minutes? Vaccine your staff with realistic phishing simulations and active training against malware and ransomware! We show this at PITS 2017, organized by the mighty german “Behördenspiegel”.

On September 13th, 2017, we will show live at PITS – the Public IT Security Fair 2017 at Hotel Adlon – how to set up, implement, execute and monitor a web-based phishing campaign in LUCY for training purposes. Our LUCY founder, Oliver Münchow, shows how she:

  • Create a web based phishing scenario, using your own website as a template
  • Insert additional “layers” in the scenario, so that you can capture username and password
  • Configure and personalize the phishing mail messages
  • Start, run and monitor the campaign including the behaviour when a user is trapped. We show also how the data input is tracked and stored
  • Analyze the results of the phishing campaign

And all this within 15 minutes! Sign up below!

Exciting Security Tracks

In addition to the Keynotes there are many other, even more exciting speeches and forums:

  • LUCY: Awareness and strategies against social engineering
  • Cyber Threat Intelligence – Knowledge is power
  • Protection against cybercrime
  • Security of mobile devices
  • Cyber attacks and counter-measures
  • Digital forensics
  • Darknet: The Shadow World of the Internet
  • Advanced Persistent Threats (APT)
  • Protection of public infrastructures and networks
  • CERT’s and emergency concepts
  • Trusted Cloud
  • Management of access rights / criminal operating platforms
  •  Current situation on IT insecurity
  • Strategies against Ransomware
  • SAP Security – holistic protection against cyber threats for SAP applications

The Public IT Security Fair PITS 2017 will take place on 12/13. September 2017 at the Hotel Adlon in Berlin.

LUCY makes cyber prevention and simulated internet attacks affordable and available for everyone – It’s DIY IT Security Awareness & Training!

Bring IT Services

Bring IT Services is a new LUCY Partner in Turkey!

Turkey is heavily under attack by cyber criminals and an important market for LUCY.  That’s why we are delighted to announce a new partnership with Bring IT-Services. 

Bring IT Services TurkeyBRING IT Services‘ aim is bridging the Ingenuity Gap between Customers and Perfect IT Solutions. BRING IT Services offers solutions to Enterprises to overcome the challenges they have in Data Management and Information Security processes. “We help organizations to find the best ways to Manage and Secure their Data, wherever it resides. LUCY is a great additional way to achieve that!” says Bring owner Nebi Gurbanli.

…interested in becoming a Certified LUCY Partner? Apply here!