When assessing the success of security awareness training, it’s important to be realistic about expectations around changing human behavior. A lot goes into putting technical controls in place so that attackers don’t get into where they shouldn’t be.
Chris Weber, co-founder of Casaba Security, said, “Phishing attacks are pretty measurable. You give folks a phishing workshop, then go and run a phishing testing campaign and see how many people fall for the lure and how many people report the attack or suspicious email.”
Because many of the threats delivered by malicious actors tie into phishing, these exercises can’t be overlooked, particularly in light of people’s inclination to overshare.
“Most companies are embracing some type of annual or onboarding training, letting folks know these are the things you should watch out for if you are trying to access company resources,” Weber said.
Online security is becoming increasingly problematic. Website security leader Trust Guard, for example, scans for more than 75,000 vulnerabilities used by hackers to access websites. That’s more than double the number of security holes it originally scanned for when it started monitoring websites eight years ago.