Cybersecurity awareness news brief: What works, what doesn’t

<p>Cybersecurity Awareness Month was introduced in October 2004 by the U.S. Department of Homeland Security and the National Cybersecurity Alliance. Its initial guidance, which covered simple security tasks — such as updating antivirus twice a year, just as you would change the batteries in your smoke alarms at daylight saving time — evolved into a month of best practices and advice for consumers, businesses and governments alike.</p>
<p>While often mocked or ridiculed — yes, people still fall for the same <a href="https://www.techtarget.com/searchsecurity/definition/phishing">phishing</a> scams they did years ago, and yes, <a href="https://www.techtarget.com/searchsecurity/definition/security-awareness-training">cybersecurity awareness training</a> can be a drag — the underpinning notions that cybersecurity is critical and that individuals and businesses must do their share to stay safe from cyberthreats are no joke.</p>
<p>This week’s featured news looks at the latest in enterprise cybersecurity awareness — for better and worse.</p>
<section class="section main-article-chapter" data-menu-title="Traditional cybersecurity training fails to thwart phishing attacks">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Traditional cybersecurity training fails to thwart phishing attacks</h2>
<p>Despite decades of investment in cybersecurity awareness training, recent research revealed these programs are largely ineffective and sometimes counterproductive.</p>
<p>A comprehensive review of studies since 2008 found that common training methods — including annual webinars and embedded lessons after failed phishing tests — do not significantly reduce employees’ susceptibility to attacks.</p>
<p>Researchers from the University of Chicago and University of California, San Diego found “no evidence that annual security awareness training correlates with reduced phishing failures,” while ETH Zurich studies showed embedded training can make employees overconfident and more vulnerable.</p>
<p>Additional research indicated that knowledge alone doesn’t translate to behavioral change, with training effects disappearing within six months.</p>
<p><a target="_blank" href="https://www.cybersecuritydive.com/news/cybersecurity-awareness-training-research-flaws/803201/" rel="noopener"><i>Read the full stor


This article has been indexed from Search Security Resources and Information from TechTarget
