Yeah it’s been a few years and I don’t remember what at this point, but my training has taught me a new scam or two before.
Comment on Study concludes cybersecurity training doesn’t work
TheAsianDonKnots@lemmy.zip 2 days agoI guess I don’t understand the metric of success. My training at work has helped me recognize risks more than most of my family that has no idea what root domain URL scam is. Did most of my family fail? Yes. Did 20% learn something and avoid risk? Yes.
In large companies the training is for liability purposes, “see they all passed their tests, we tried to warn them”. People are always going to be the attack vector, that’s unavoidable… but 20% success is better than 0% success. As an admin, if I received a 20% spike in phishing reports, that’s statistically significant and should be looked into and stopped (proxy violation).
Cost of training is unavoidable and budgeted for.
CH3DD4R_G0BL1N@sh.itjust.works 1 day ago
14th_cylon@lemmy.zip 1 day ago
i guess you will find if you read the study mentioned in the article.
it is certainly possible that the study, or its interpretation in the article, is bs - i did not read either one of them. i am just stating in the vacuum that if something does not work (which is what that headline presents as conclusion of the study), then wasting time and money on it is worse than doing nothing.