Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is an excessively pessimistic take on security training. How many spear phishing attempts have been thwarted because the employee knew better?

It’s not a solution to the problem, but it certainly helps.



I would actually be interested in seeing some studies on that.

My gut feeling is for engineers, the phising training that most companies use is wholly ineffective at doing anything, and in particular it is especially ineffective against targeted attacks. But i have yet to see any research one way or another.

I suspect less technical users might benefit from such training a bit more (but still not that much)


How many? A fair number. Not 100%, though. If your system depends on your people 100% not falling for spear phishing, your security is dead.


Well, that’s what I meant when I said that it isn’t a solution. You shouldn’t rely on training, but it’s disingenuous to say it can’t help.


Ah. It seems I was in violent agreement with you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: