"Phishing Awareness Training is Far From Permanent"

A new study by the USENIX Association and a team of researchers from several German universities suggests that all of an organization's employees should go through phishing awareness training at least once every six months to prevent the effects of such training from wearing off. The results emphasize the need for constant reminders or nudges, as employees can easily fall back into poor security habits that could put their organization at risk. The study also found that video and interactive examples were more effective types of periodic reminders in training employees about phishing and social engineering attacks. The article goes on to discuss how the study was performed, its findings on phishing awareness training retention, the effectiveness of certain types of training, and which organizational defenses would be more successful at reducing phishing attacks.

CPO Magazine reports "Phishing Awareness Training is Far From Permanent"
