Social engineering attacks are resurgent, leaving a wave of breaches behind them: Take Two Interactive, American Airlines, Uber, Okta, Microsoft, Twilio, the list goes on. The historical solution to this problem has been security awareness training. But after decades of relying on this solution, do we have real data on its efficacy? Daniele is the lead author on a paper that caught my eye earlier this year on phishing simulations. What stood out immediately is that it was the largest and longest study of its kind. Instead of a lab or among college students, his study was conducted in collaboration with a Swiss corporation involving more than 14,000 employees over 15 months.
The results have serious implications for how we build resilience.
You can read the full study here: https://arxiv.org/pdf/2112.07498.pdf