Recent Posts

Recent Blog Posts

The PhishLabs Blog

Why Your Security Awareness Training Isn't Working and What to Do Instead

Posted by Dane Boyd on Jun 22, '17

At this point, everybody knows phishing is a threat.

But then, it’s difficult to deny. As Verizon points out, over 90 percent of data breaches include a phishing or social engineering component, including many of the high profile breaches we all read about each week.

In fact, from a security perspective, phishing is the single greatest threat to most organizations, whether they’re tiny family owned businesses or huge multinational conglomerates.

So what are most organizations doing to defend against phishing?

Naturally, they’re… doing almost nothing. Best case, they might be holding an annual awareness session in some dark basement room, where a bored intern tries to explain why everybody should stop clicking on dodgy links and attachments.

Now yes, most organizations have implemented some sensible technical controls, such as advanced spam filters and blacklists. They might even go a stage further, by implementing content filtering technologies, and email authentication protocols such as DMARC, SPF, or DKIM.

But the truth is no matter how good your technical controls are, some phishing emails will always reach your users’ inboxes. And when that happens, substandard awareness training won’t be enough to prepare them.

Read more in this isBuzz news article...

Topics: security awareness training

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all