Employees learn close to nothing from phishing training, and this is why
Briefly

"A new study has confirmed what many of us suspected -- employee phishing training is simply not worth the effort. The study, conducted by UC San Diego Health and Censys researchers, found that phishing-related cybersecurity training programs had no effect on whether or not employees were duped by phishing emails. After analyzing the results of 10 different phishing email campaigns sent to over 19,500 employees at UC San Diego Health over eight months, the researchers found 'no significant relationship between whether users had recently completed an annual, mandated cybersecurity training and the likelihood of falling for phishing emails.'"
"The team also investigated whether embedded phishing training -- when organizations send simulated phishing emails to see if their employees will fall for them -- was effective. Simply put, it wasn't, and there was almost no difference in failure rates for those who completed the training versus those who did not. The groups were separated by a reduced likelihood of falling for a phishing email of only 2%."
Phishing remains a major and growing threat to organizations of all sizes. Analysis of 10 simulated phishing campaigns involving over 19,500 employees over eight months showed no significant relationship between completing mandated annual cybersecurity training and falling for phishing emails. Simulated embedded phishing exercises produced almost no difference in failure rates between trained and untrained employees, with only a 2% reduction for the trained group. Phishing is the leading cause of ransomware this year and the most reported attack vector among businesses, with reported incidents rising from 25% to 35%. Organizations are urged to invest in more effective countermeasures.
Read at ZDNET