
Why Phish if It Doesn't Work? A No BS Take on Why We Need to Phish.pdf

Uploaded by: 竿*** ID: 982128 2025-11-29 19 pages 1.17MB

#SECTORCA BlackHatEvents

Why Phish if it Doesn't Work? A No BS Take on Why We Need to Phish

David Shipley
CEO, Field CISO Beauceron Security
Led Security Practice at UNB
Canadian Forces Veteran

The Meaning of Cyber: People, Control, Technology

Phishing is still the most used tactic to compromise organizations. It's fast, cheap and highly effective. It exploits psychology and neuroscience to successfully trick anyone who is unwary of electronic communications. Anyone, in the right circumstances, can fall victim to a phish.

Expert Manipulation

What recent academic research tells us (and what it doesn't)

Claim: Phishing simulations don't work.
Reality: Data from recent studies do not support this claim. They show some training approaches don't work, particularly post-failure landing pages.

Claim: All phishing training approaches fail to show results.
Reality: There are no studies and no evidence to support this. For negative studies on some methods and content, there are others that show different approaches have positive results.

Claim: Security awareness and phishing simulations are not worth the time or expense.
Reality: Security awareness training does more than just anti-phishing learning, and other research has shown simulations themselves are a valuable tool for reminding people that phishing is a real threat.

What recent academic research tells us (and what it doesn't)

Research Insight / Click Rate / Report Rate / Why Data

Understanding Efficacy of Phishing Simulations (2024, 1 Org, Health, 8 months, 19K people)
Phishing feedback: just-in-time intervention improves online security (2024, 1 Org, Health, 11k People, 9 months in three waves)
Phishing in Organizations: Findings from a Large-Scale and Long-Term Study (2021, 1 Org, Unknown Industry, 15k people, 15 mont

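According to "Why Phish if it Doesn't Work?", the key points of the full text are summarized as follows:
1. **Effectiveness of phishing attacks**: Phishing is the attack technique most commonly used against organizations because it is fast, low-cost and highly effective.
2. **Effect of phishing simulations**: Although some studies claim that phishing simulations don't work, the actual data show that certain training methods perform poorly on post-failure landing pages.
3. **Empirical research on phishing simulations**: A large body of research shows that phishing simulations can improve online security, reduce click rates and raise report rates.
4. **Frequency of phishing simulations**: Running phishing simulations monthly is more effective than running them more often or less often.
5. **Cognitive bias**: Research shows that people are more likely to click phishing links when they do not realize they are a target.
6. **Training duration**: 35 to 45 minutes of training per year works better than more than 45 minutes.
7. **Psychological factors**: People click phishing links because they forget, are in a hurry, are curious, or fear the consequences.
8. **Security culture**: Establishing positive feedback mechanisms and reward systems can foster a positive cybersecurity culture.
9. **Demonstrating ROI**: The ROI of phishing simulations is demonstrated through click rate, report rate, post-click report rate, reporter accuracy and filter-bypass metrics.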