Guessing is not a strategy: How to build decision velocity with AI and real-time data
June 10, 2026 | Live Webinar
Categories: Learning
Security would be much less of a problem if you could just eliminate users. We've got a team at gantthead Labs working on that right now, but until they find a solution, it's time to re-think how you train your workforce to keep your network safe from Evil Penetrators.
It's true, because crack scientists have been working on this for a while. Two recent studies show that you are probably taking the wrong tact in your workforce training, if you are training at all. In fact, if you are actually training you may still be wasting your time.
Social Engineering Study: Real scientists (published in a dissertation!) show that workers can be fooled by smart miscreants who use workers' better natures against them - despite standard training. An example of social engineering fraud is the caller who says he is from the IT department and convinces a worker to give out password using knowledge of human behavior. According to these guys, what is needed to stop abuse of good nature is to
-
Start training using reality-based scenarios
-
Create fictitious attacks to find areas of weaknesses
Phishing Study: Real scientists show that too many people ignore or forget training when confronted "phishing" sites . However, users who are easily fooled by malicious fake web sites are the same users who are ready to benefit from - I love this - a trick phishing site, that leads the user to educational materials to teach them not to be patsies.
Bottom Line: Create high-impact training to improve security by using fictitious attacks, trick phishing sites and reality-based scenarios.
Posted on: January 19, 2009 11:28 PM |
Permalink