THE IMPACT OF PHISHING TRAINING ON EMPLOYEES

According to experts, the best measure against phishing attacks is to increase your employees’ cybersecurity awareness, so the best method to avoid cyberattacks is cybersecurity awareness training. This training usually includes phishing simulations and regularly informing employees. However, the effect of this training depends on the employee’s desire to learn. Recent research suggests that companies should provide their employees with cybersecurity training at least every six months. But how do you measure the impact of phishing training on employees?

How To Measure The Impact of Phishing Training on Employees?

In a study conducted on approximately 400 employees last year, significant results were obtained regarding the impact of phishing training on employees. Studies carried out to date have shown that employees’ awareness generally increases after the training, but that this awareness decreases over time. These studies did not reveal how long the impact of phishing training on employees lasts. The new study discussed here clearly reveals how long the effects of the training last.

It took a year to get results from the study. During this period, experts periodically asked employees to examine various e-mails and determine whether each one was a phishing e-mail. According to the results, employees could successfully detect attacks in the 4 months following the training, but after 6 months their success rate dropped.

Details Of The Study:

In summary, at the beginning of the process, experts talk about the threats that the company faces, the attack rates, and the forms of attacks in recent years. Employees get the chance to examine examples of emails with fake sites and malicious attachments. IT experts provide information about the ransomware and phishing attempts that have happened to the company in the past. Afterward, experts talk about measures such as the use of strong passwords. At the end of the training, employees take a test on creating strong passwords for themselves.

In the training process, the attack methods that usually concern the company are mentioned. Experts provide information on malicious emails for most of the training, although they briefly mention SMS (Smishing) or Phone (Vishing) attacks. The study results do not include a few employees who have a very high failure rate or do not take training seriously.

The results of the research do not seem to surprise experts. Although training is the best method against phishing, the effect of training is expected to decrease over time, because human habits are not easily changed. For a behavior to become permanent, it should be repeated frequently, and employees must act on the newly learned behavior.

How To Make The Impact of Phishing Training on Employees Last Longer?

According to the results of the study, interactive phishing training containing training videos is more effective.

It is also crucial to reuse the material presented in training in these videos or interactive examples. Repeated use of information reinforces learning. However, when the examples contain new information or an unknown term, the training’s effect decreases. For this purpose, companies can send their employees videos that repeat the information taught in training and conduct phishing tests in interactive studies. Also, employees should be reminded of the information shown in phishing awareness training at least every 4 months.

So, Which Methods Increase The Impact of Phishing Training on Employees?

  1. Preparing education material beforehand and organizing regular training.
  2. Testing employees with unexpected phishing simulations.

But the content of the messages and the timing of the simulation are critical. Many companies have been the target of criticism for conducting unethical phishing simulations in the past years. Research companies also deem the results of these tests invalid.

In addition to the methods mentioned above, it is also essential to create a common phishing awareness in your company and to increase solidarity when fighting phishing attacks. You can use our threat intelligence tool for this. Thanks to this tool, you can quickly inform your employees in case of possible risk and make them take precautions.

“This post is originally published at www.phishing.org.uk”