cybersecurity

5120 readers

40 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

174

Study concludes cybersecurity training doesn’t work (www.kpbs.org)

submitted 2 days ago by cm0002 to c/cybersecurity

48 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] 14th_cylon@lemmy.zip 17 points 2 days ago (1 children)

no. training costs time and money, so if it has zero effect, then no training is clearly better.

[–] TheAsianDonKnots@lemmy.zip 7 points 2 days ago (3 children)

I guess I don’t understand the metric of success. My training at work has helped me recognize risks more than most of my family that has no idea what root domain URL scam is. Did most of my family fail? Yes. Did 20% learn something and avoid risk? Yes.

In large companies the training is for liability purposes, “see they all passed their tests, we tried to warn them”. People are always going to be the attack vector, that’s unavoidable… but 20% success is better than 0% success. As an admin, if I received a 20% spike in phishing reports, that’s statistically significant and should be looked into and stopped (proxy violation).

Cost of training is unavoidable and budgeted for.

[–] furrowsofar@beehaw.org 2 points 10 hours ago* (last edited 10 hours ago)

Some of it is useful but IT practices that waste my time mean I get less done, makes me work more unpaid overtime, results in lower raises because you get less done, and destroys innovation and the company in the long run because more and more things need permission. You cannot run an innovative organization that way. One reason I left the company.

[–] CH3DD4R_G0BL1N@sh.itjust.works 2 points 2 days ago

Yeah it’s been a few years and I don’t remember what at this point, but my training has taught me a new scam or two before.

[–] 14th_cylon@lemmy.zip 1 points 2 days ago

I guess I don’t understand the metric of success.

i guess you will find if you read the study mentioned in the article.

it is certainly possible that the study, or its interpretation in the article, is bs - i did not read either one of them. i am just stating in the vacuum that if something does not work (which is what that headline presents as conclusion of the study), then wasting time and money on it is worse than doing nothing.