The effect of security and phishing awareness programs wears off over time, and employees need to be re-trained after around six months, according to a paper presented at the USENIX SOUPS security conference last month.
The purpose of the paper was to analyze the effectiveness of phishing training over time.
Taking advantage of the fact that organizations in the German public administration sector must go through mandatory phishing awareness training programs, academics from several German universities surveyed 409 of 2,200 employees of the State Office for Geoinformation and State Survey (SOGSS).
Researchers tested the effectiveness of the phishing training over time, with periodic tests at regular intervals, to determine when SOGSS employees would lose their ability to detect phishing emails.
Employees were split into multiple groups and tested four, six, eight, ten, and twelve months, respectively, after receiving an on-site phishing training course.
The research team found that while the survey takers were still able to correctly identify phishing emails four months after the initial training, this was no longer the case after six months and beyond, at which point a new training was recommended.
Video and interactive training works best
Researchers also developed their own "reminders" in order to "replenish the employees' phishing awareness and knowledge," which they used to re-train employees after taking their survey, and again six and twelve months later.
"We developed four different ones," academics said.
"Four reminder measures were distributed to four groups (one per group): (a) text, (b) video measure, (c) interactive examples, and (d) a short text.
"Twelve months after the tutorial, we compared the knowledge retention of the four reminder groups [...]. Among the four reminder measures, the video measure and the interactive examples measure performed best, with their impact lasting at least six months after being rolled-out."
Academics concluded that while training employees in detecting phishing emails might help organizations fend off some attacks, this training needs to be cyclical, with training sessions repeated, optimally every six months and using interactive or video training measures.
Additional details about the research team's work can be found in a paper named "An investigation of phishing awareness and education over time: When and how to best remind users".