Problem is not so much that it's "basic" but that phishing awareness training doesn't always have great ROI https://www.buzzfeed.com/sheerafrenkel/senate-staffers-first-ever-cybersecurity-training-was-embarr?utm_term=.icVzWXvWgk#.loZNgL0gQq …
-
The times I've been consistently stopped/caught phishing/onsite social engineering is regular testing/training.
-
If they're not getting better, it might be just that crappy training is crappy.
-
We already know uneducated people fall for phishing. Uneducated people are also bad at math.
End of conversation
New conversation -
Have you ever heard of teaching someone an important skill by training them on it one day a year? Of course it fails.
-
Also, willing to share my direct experiences over DM with examples
-
I'd argue a security control can have value with 20% efficacy or less. Depends on how it works, context, other factors.
-
Phishing training is just one of many layers. It doesn't have to be 100% effective to have value.
-
A more thorough security-mindedness is needed, not just a one-off training session. I concur with you there.
End of conversation
New conversation -
A total myth that comes from doing phishing training badly.
-
Yes, absolutely - the part of the pentest that concerns relying on users as the weak link (soceng)