cybersecurity

5120 readers

40 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

174

Study concludes cybersecurity training doesn’t work (www.kpbs.org)

submitted 2 days ago by cm0002 to c/cybersecurity

48 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] bamboo@lemmy.blahaj.zone 1 points 2 days ago (2 children)

It's also such a dumb metric because most of people's jobs are to click on links elsewhere on the internet, yet when it's in an email, it's bad? Unless you're running an old browser or there is a 0 day, simply opening a link isn't going to hack your system, but further actions by the user would need to be taken to be compromised. These simulations don't account for that.

[–] sirblastalot@ttrpg.network 1 points 1 day ago (1 children)

Clicking the link hypothetically confirms to the spammer that yours is a valid and monitored email address, and that you're a sucker suitable for more targeted phishing.

Of course, it seems like every random user will also happily type their password into any text box that asks for it, too.

[–] bamboo@lemmy.blahaj.zone 1 points 1 day ago

Unless the email client is blocking external images, a tracking pixel in the email would be enough to see that the email was rendered, and that the address is valid. The trainings specifically instruct you to review the contents of the email and check the email headers before clicking links, so that alone would confirm to a spammer that the email is valid.

[–] furrowsofar@beehaw.org 3 points 2 days ago* (last edited 2 days ago)

The real idiotic thing is a network where one client system compromise compromises the whole company. Bad network design.