
"The , conducted by UC San Diego Health and Censys researchers, found that phishing-related cybersecurity training programs had no effect on whether or not employees were duped by phishing emails. After analyzing the results of 10 different phishing email campaigns sent to over 19,500 employees at UC San Diego Health over eight months, the researchers found "no significant relationship between whether users had recently completed an annual, mandated cybersecurity training and the likelihood of falling for phishing emails.""
"Simply put, it wasn't, and there was almost no difference in failure rates for those who completed the training versus those who did not. The groups were separated by a reduced likelihood of falling for a phishing email of only 2%. This is especially concerning, given that phishing was found to be the leading cause of ransomware this year, fueled by infostealers and the abuse of AI tools, according to a new SpyCloud Identity threat report."
Phishing-related cybersecurity training programs had no measurable effect on whether employees were duped by phishing emails. Analysis of 10 phishing campaigns sent to over 19,500 employees across eight months showed no significant relationship between recent completion of annual mandated cybersecurity training and the likelihood of falling for phishing emails. Simulated phishing exercises produced almost no difference in failure rates, with only a 2% reduced likelihood among those trained. Phishing emerged as the leading cause of ransomware this year, driven by infostealers and misuse of AI tools. Phishing was the most reported attack vector, cited by 35% of affected organizations, up from 25% in 2024.
Read at ZDNET