Why cybersecurity training isn’t working (and how to fix it)


Early to a meeting, an employee decides to check direct messages on their favorite social network.


Uh, oh. A message from the social network’s security team says their account has been hacked. They’ll need to click on the link to reset their password.


You know the rest of the story. The link goes to a fake website from which a malicious payload is downloaded. Once running on the employee’s laptop, it creates havoc on the network.


Despite regular cybersecurity awareness training, employees still compromise security by falling for social engineering attacks. Unfortunately, these attacks make up the vast majority of cyberattacks. And the reason for that is clear: people are vulnerable to being tricked. Human nature is no match for the ever-evolving cyberattack landscape. To make things worse, cyberattackers are increasingly using advanced technologies like synthetic media and artificial intelligence (AI) to accelerate the growing sophistication of social engineering attacks.


Sure, cybersecurity training helps. It can produce real change in the behavior of a majority of employees. But for many staff members, the change is temporary and partial. So here’s what a lot of training gets wrong, and more importantly, how to get it right.


Why training fails


The essential problem is that cyberattack techniques that exploit human decision-making evolve faster than our thinking about how to effect change in the behavior of employees. It’s time to change faster.


Here are some great ideas about how to make cybersecurity training much more ..
