Tuesday, October 27, 17:18
Home security Phishing training is forgotten after a few months

Phishing training is forgotten after a few months

Safety awareness and phishing programs are quickly forgotten and employees need to be retrained after about six months, according to a paper presented at the USENIX SOUPS security conference last month.

The purpose of the paper was to analyze the effectiveness of long-term phishing training.

Taking advantage of the fact that German public sector organizations have to go through compulsory phishing training programs, academics from many German universities surveyed 409 of the 2.200 employees of the State Geoinformatics and State Research Service (SOGSS).

AgentTesla Trojan-phishing campaign-COVID-19

The researchers tested the effectiveness of phishing training over time, with periodic tests at regular intervals to determine when employees of SOGSS will lose their ability to detect phishing messages.

Employees were divided into multiple groups and tested every four, six, eight, ten and twelve months, respectively, once trained in one program phishing training.

The research team found that while participants in research were able to properly detect phishing emails even after four months of initial training, this did not happen from six months onwards, Companies to retrain their employees.

The researchers also created their own "reminders" to "replace the sensitization and employee phishing knowledge ", which they used to train employees after their investigation - six to twelve months later.

"We have developed four different programs," the academics said. “Four programs were distributed in four groups (one per group): (a) text, (b) video, (c) interactive examples and (d) a short text.

"Twelve months after seminar, we compared the knowledge retention of the four groups. Among the four different tests, the video and interactive examples performed best, with an impact lasting at least six months after training. ”

Academics have concluded that while employee training in phishing emails can help organizations prevent attacks, this training should be cyclical, with repetitive training sessions, ideally every six months, and using interactive examples or videos.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.


Microsoft is limiting the availability of Windows 10 20H2

Microsoft is currently restricting the availability of Windows 10 20H2 to provide all users who want to ...

How to enable the new Chrome Read more feature

The latest version of Google Chrome browser, v86, released earlier this month, contains a secret feature called Read ...

How to choose a custom color for the Start menu

Starting with the October 2020 update, Windows 10 is the default on a theme that removes bright colors from ...

NASA telescope discovers drinking water on the moon

Eleven years ago, a spacecraft changed our view of the moon forever. The data collected by ...

Microsoft: Enhances password spray attack detection capabilities

Microsoft has significantly improved the ability to detect password spray attacks in the Azure Active Directory (Azure AD) and has reached the point ...

How to prevent companies from finding our phone number

In the age of advertising, the more user information is known the more convenient it is for companies. And in particular, the ...

Violation in a psychotherapy clinic led to blackmail of patients

Two years ago, a cyber attack took place in a Finnish psychotherapy clinic, which resulted in data theft and ransom demand. Now,...

Australia: Enhances cybersecurity and privacy!

The Government of New South Wales in Australia has set up a task force to strengthen cybersecurity and protection ...

More than 100 irrigation systems were left exposed on the internet

More than 100 smart irrigation systems were left exposed on the internet without a password last month, allowing anyone to access ...

Violation in Nitro Software most likely affects Google, Apple, Microsoft

Nitro PDF (Nitro Software) service has suffered a data breach, which is said to affect many well-known companies, such as Google, ...