"The , conducted by UC San Diego Health and Censys researchers, found that phishing-related cybersecurity training programs had no effect on whether or not employees were duped by phishing emails. After analyzing the results of 10 different phishing email campaigns sent to over 19,500 employees at UC San Diego Health over eight months, the researchers found "no significant relationship between whether users had recently completed an annual, mandated cybersecurity training and the likelihood of falling for phishing emails.""
"This is especially concerning, given that phishing was found to be the leading cause of ransomware this year, fueled by infostealers and the abuse of AI tools, according to a new SpyCloud Identity threat report . Phishing was also the most reported attack vector by businesses participating in the research and was cited by 35% of affected organizations -- up from 25% in 2024."
Phishing remains a major and growing threat to businesses and causes a rising share of ransomware incidents. Analysis of ten distinct phishing email campaigns targeting over 19,500 employees across eight months found no significant relationship between completion of annual mandated cybersecurity training and likelihood of falling for phishing emails. Embedded phishing simulations produced almost no improvement, reducing the likelihood of falling for a phishing email by only 2%. Phishing was the most reported attack vector among affected organizations, cited by 35% of respondents, up from 25% the previous year, with threats amplified by infostealers and AI misuse.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]