training

How Do We Measure Our Defenses Against Social Engineering Attacks?

CISO Series discusses measuring defenses against social engineering attacks, particularly phishing. Hosts David Spark and Mike Johnson question the effectiveness of using phishing click rates as a metric, suggesting they are easily influenced and insufficient. Experts emphasize the need for a holistic approach, focusing on response actions post-click and measuring susceptibility across various channels, not just email. They highlight the importance of a layered security strategy and the evolving sophistication of attacks facilitated by advances like AI. Recommendations include enhancing awareness training and developing contextual metrics to better assess organizational security.

https://cisoseries.com/how-do-we-measure-our-defenses-against-social-engineering-attacks/

BT: Why Human Firewalls Are Critical in AI Cybersecurity

BT Security’s Tris Morgan emphasizes the importance of human firewalls in AI cybersecurity, arguing that employee training is crucial against sophisticated AI-driven attacks. He believes that investing in a cyber-aware culture transforms employees into an active defense against threats. Despite advanced technology, many breaches result from human error, with attackers exploiting trust and behavior. Effective training should be ongoing, engaging, and relevant, using simulations and real-world scenarios to foster awareness. For SMEs, cost-effective strategies include realistic training and clear security policies to cultivate vigilance. Continual adaptation to evolving threats is essential for strong cybersecurity defenses.

https://aimagazine.com/news/bt-security-the-importance-of-humans-in-ai-powered-attacks

CISOs Must Rethink the Tabletop, as 57% of Incidents Have Never Been Rehearsed

An article emphasizes that 57% of cyber incidents are unexpected, prompting CISOs to rethink tabletop exercises to focus on realistic, smaller attacks rather than rehearsing for known threats.

https://www.csoonline.com/article/4071102/cisos-must-rethink-the-tabletop-as-57-of-incidents-have-never-been-rehearsed.html

Embedding Threat Intelligence and Practical Training in ICS Cybersecurity Awareness for Frontline Resilience

Rethinking ICS cybersecurity focuses on embedding threat intelligence and practical training into awareness programs for frontline resilience. Traditional IT-centric views are inadequate due to rising state-sponsored threats. Organizations are shifting from mere compliance to a culture of cybersecurity, emphasizing safety, operational continuity, and employee empowerment. Dynamic role-based training, powered by AI, helps counter misinformation and improve real-time threat detection. Engagement, tailored training, and continuous assessment enhance security posture. ICS environments face unique challenges, necessitating specialized knowledge on risks tied to safety and engineering. As cybersecurity threats evolve, fostering a psychologically resilient workforce becomes essential, prioritizing verification and critical thinking to combat AI-driven deception and elevate operational safety.

https://industrialcyber.co/features/embedding-threat-intelligence-and-practical-training-in-ics-cybersecurity-awareness-for-frontline-resilience/

Making Cybersecurity Training a Priority for Everyone

TLDR: Cybersecurity relies on skilled users, not just technology; 95% of data breaches in 2024 were due to human error. Investment in user education and reskilling is essential. Training must be relevant and encompass all employees, not only specialists. With AI's rise, ethical understanding and critical thinking in cybersecurity training are critical. Cybersecurity should be a collective responsibility, integrated into daily life, and treated as a public good requiring cooperation and constant adaptation.

https://www.weforum.org/stories/2025/10/cybersecurity-people-not-just-technology/

Council Post: The Growing Cybersecurity Skills Gap: a Breach Waiting To Happen

Cybersecurity faces a severe talent shortage, risking sensitive data and systems as organizations struggle to find qualified professionals. Nearly 90% of leaders attributed breaches to this skills gap, with over 700,000 roles unfilled. Human error causes 88% of breaches, highlighting the need for effective training. To address this, companies should invest in enhanced education, role-based training, and automation. Utilizing gamified, hands-on training can engage potential talent and effectively prepare them for real-world threats, helping to bridge the skills gap and improve cybersecurity defenses.

https://www.forbes.com/councils/forbestechcouncil/2025/02/26/the-growing-cybersecurity-skills-gap-a-breach-waiting-to-happen/
