Maybe not if it only gives a false sense of security.
Comment on Study concludes cybersecurity training doesn’t work
TheAsianDonKnots@lemmy.zip 2 days ago
Isn’t any training better than no training?
kopasz7@sh.itjust.works 2 days ago
Comment on Study concludes cybersecurity training doesn’t work
TheAsianDonKnots@lemmy.zip 2 days ago
Isn’t any training better than no training?
Maybe not if it only gives a false sense of security.
14th_cylon@lemmy.zip 2 days ago
no. training costs time and money, so if it has zero effect, then no training is clearly better.
TheAsianDonKnots@lemmy.zip 2 days ago
I guess I don’t understand the metric of success. My training at work has helped me recognize risks more than most of my family that has no idea what root domain URL scam is. Did most of my family fail? Yes. Did 20% learn something and avoid risk? Yes.
In large companies the training is for liability purposes, “see they all passed their tests, we tried to warn them”. People are always going to be the attack vector, that’s unavoidable… but 20% success is better than 0% success. As an admin, if I received a 20% spike in phishing reports, that’s statistically significant and should be looked into and stopped (proxy violation).
Cost of training is unavoidable and budgeted for.
furrowsofar@beehaw.org 3 hours ago
Some of it is useful but IT practices that waste my time mean I get less done, makes me work more unpaid overtime, and destroys innovation and the company in the long run because more and more things need permission. You cannot run an imnovative organization that way.
14th_cylon@lemmy.zip 2 days ago
i guess you will find if you read the study mentioned in the article.
it is certainly possible that the study, or its interpretation in the article, is bs - i did not read either one of them. i am just stating in the vacuum that if something does not work (which is what that headline presents as conclusion of the study), then wasting time and money on it is worse than doing nothing.
CH3DD4R_G0BL1N@sh.itjust.works 2 days ago
Yeah it’s been a few years and I don’t remember what at this point, but my training has taught me a new scam or two before.