Cybersecurity Training Programs Don't Prevent Phishing Scams
17 hours ago
- #Phishing
- #Training Effectiveness
- #Cybersecurity
- Cybersecurity training programs currently used by large companies are ineffective in reducing phishing scam risks.
- A study involving 19,500 UC San Diego Health employees found no significant impact of annual cybersecurity training on phishing susceptibility.
- Embedded phishing training, delivered immediately after an employee clicks a test phishing email, showed minimal effectiveness, with only a 2% reduction in phishing link clicks.
- Phishing remains a major cybersecurity threat, responsible for 16% of successful breaches; the problem is especially acute in healthcare, where data breaches are at record highs.
- Most employees (75%) engaged with embedded training for less than a minute, with one-third not engaging at all.
- Phishing effectiveness varied by email type, with some lures like 'vacation policy updates' achieving a 30.8% click rate.
- Researchers recommend focusing on technical countermeasures like two-factor authentication and domain-specific password managers instead of current training methods.