Why Most Cyber Security Training Fails and What We Can Do About it

  • Published: 11 Sep 2024
  • To date, the only pro-active, user-focused solution against spear phishing has been cyber security awareness training. However, multiple lines of evidence, from continuing news stories of bigger and bolder breaches to objective academic assessments of training effects, point to its limited effectiveness.
    By Arun Vishwanath
    Read More: www.blackhat.c...

Comments • 34

  • @dianechapman5125
    @dianechapman5125 6 years ago +2

    He's making a lot of sense with regard to the end user clicking on everything.

  • @freesoftwaretalk
    @freesoftwaretalk 6 years ago +6

    Can anyone point me to the full study - the one where the 40 current questions and the parameters are described? I'm really interested in looking into the content a bit deeper...

  • @SlayaOneTwelve
    @SlayaOneTwelve 6 years ago +6

    He keeps referring to falling for the phishing attack as being clicking on a link. What am I missing? Shouldn't the actual attack occur AFTER clicking a link, by submitting information after falsely assessing that the linked resource is safe?
    Seems like they should be measuring the delivery of a payload instead of clicking a link.

    • @DeepPastry
      @DeepPastry 6 years ago +2

      You can set up malicious websites, so just opening the page (clicking the link) causes harmful code to run. What should happen, if you have passable real time virus/malware protection, is a page open but not loading and an on-screen warning that website is malicious and you shouldn't load it.

  • @recklessroges
    @recklessroges 6 years ago +4

    Quick google and I still can't find his 40 questions (on his personal site or that of either university that he mentioned).

  • @dianechapman5125
    @dianechapman5125 6 years ago +2

    Very good questions from the audience.

  • @nayerelson1018
    @nayerelson1018 6 years ago +4

    Starting my own security firm shortly.

    • @duksis7
      @duksis7 2 years ago

      How is that going, hmm?

  • @disk0__
    @disk0__ 6 years ago +3

    Is the 22:13 Like/Dislike ratio that low because people have a problem w/ something in the talk fundamentally, or some random thing he said (or somewhere in between)?

    • @SamTheEnglishTeacher
      @SamTheEnglishTeacher 6 years ago +10

      Because he isn't getting the facts right

    • @DeepPastry
      @DeepPastry 6 years ago

      Yea it's dumb. His expertise is on the HR part of these issues. Having a layman's level of understanding (ie misunderstands) of the technical aspects means he gets things wrong... A few too many idiots then decide not to bother, even though he starts by pointing out he studies the human reactions and not the technical mumbo-jumbo.

  • @greywolf271
    @greywolf271 6 years ago +1

    I'd say he worked for Cambridge Analytica

    • @ther6989
      @ther6989 6 years ago

      Why do you say that?

  • @cleofaspintolimalima1627
    @cleofaspintolimalima1627 1 year ago

    Hey there

  • @renzocoppola4664
    @renzocoppola4664 6 years ago +10

    First, and 5 minutes in. Did North Korea really hack Sony? I think we don't have a definitive answer.

    • @Dave__AC
      @Dave__AC 6 years ago +2

      We also definitively know the DNC wasn't hacked. Seems like this guy is a bit gullible but the talk itself was pretty good.

    • @disk0__
      @disk0__ 6 years ago

      +deetr I came here to make the same comment lol. Playing devil's advocate tho, I figured he was referring to some of the other more concrete cases of the DNC getting compromised before the big one that I'm assuming you're referring to (of which people rightly question the timeline, among other things).

    • @maverickstclare3756
      @maverickstclare3756 4 years ago

      No-one credible in the security world thinks NK did it. Most say "Inside Job". Just like the DNC emails. Defcon / Cloudflare guy Marc Rogers. The locale was Korean, which is illegal to speak in NK! Obama wanted it to be NK, so NK it was.

    • @maverickstclare3756
      @maverickstclare3756 4 years ago

      @@Dave__AC Podesta did though. And he even asked his IT team "Is this a phishing email?" and they said "it looks legitimate" but said later they meant to type "illegitimate".
      Colin Powell got spear-phished too. Another guy illegally storing govt. email in private.

  • @zerge69
    @zerge69 6 years ago +2

    Fire people who fail 3 phishing tests. See what happens.

    • @Imtotallydiggingthis
      @Imtotallydiggingthis 6 years ago +2

      Phishing attempts against the HR person handling the lay-offs for epic payback?

  • @ciscomalo5731
    @ciscomalo5731 6 years ago +2

    Could someone please help me with the latest CEH exam dumps?

  • @Nesetalis
    @Nesetalis 6 years ago +1

    Very good talk, thank you!

  • @OnlySubhumansWorkAtYouTube
    @OnlySubhumansWorkAtYouTube 5 years ago

    Why? Because they are stupid...
    Thanks!

  • @geedipro1
    @geedipro1 6 years ago +1

    I want to be a hacker
    Insha allah

  • @4cricket24
    @4cricket24 4 years ago +1

    I thought it's Trevor Noah giving training :)