I see a ton of security awareness training. I give a ton of training. We teach that bad things happen when you click on links. “Here are examples of things you shouldn’t click on… So make sure not to click on them!”
And then people do.
If we accept that hackers are more like marketers, we start to understand that the odds of employees clicking on these links increase day by day. I’m sure a very good marketing hacker utilized Cyber Monday to promote an incredible deal on ransomware.
We scare employees into thinking they’ve failed when they click on a bad link.
And yet the one thing we really want them to do is tell us when they messed up.
Let’s end every security awareness training by emphasizing that if you make a mistake — if you get caught in a marketing trap — you will be rewarded for raising your hand. It’s much better than quickly closing your browser, turning off your computer, and pretending it never happened.