A new report uncovers worrying complacency amongst IT and security leaders
Maybe the staff need a longer password with special characters, that ought to fix it.
Ok, but they must be changed every 45 days and they can never reuse a password.
💀
I did one of these phishing tests at a past job and the leadership wanted a list of who failed. I refused because it was just a drill, they knew they failed, and we had aggregated data to use for future analytics on training efficacy.
I love that all the reports and studies about this training are summed up as that it’s completely worthless unless you’ve had zero experience with it before.
Relying on individuals to do the right thing has never been a good way of assuredly preventing anything.
They need scapegoats. They’ll blame anyone that’s not a C-suite.
This will result in phishing not being reported, which will exponentiate the damage.
