#SECTORCA BlackHatEvents

Why Phish if it Doesn't Work?
A No BS Take on Why We Need to Phish

David Shipley
CEO, Field CISO
Beauceron Security
Led Security Practice at UNB
Canadian Forces Veteran

The Meaning of Cyber
People
Control
Technology

Phishing is still the most used tactic to compromise organizations
It's fast, cheap and highly effective.
It exploits psychology and neuroscience to successfully trick anyone who is unwary of electronic communications.
Anyone, in the right circumstances, can fall victim to a phish.
Expert Manipulation

What recent academic research tells us (and what it doesn't)

CLAIM: Phishing simulations don't work.
REALITY: Data from recent studies do not support this claim. They show some training approaches don't work, particularly post-failure landing pages.

CLAIM: All phishing training approaches fail to show results.
REALITY: There are no studies and no evidence to support this. For negative studies on some methods and content, there are others that show different approaches have positive results.

CLAIM: Security awareness and phishing simulations are not worth the time or expense.
REALITY: Security awareness training does more than just anti-phishing learning, and other research has shown simulations themselves are a valuable tool for reminding people that phishing is a real threat.

What recent academic research tells us (and what it doesn't)

Columns: Research Insight, Click Rate, Report Rate, Why Data

Understanding Efficacy of Phishing Simulations (2024, 1 Org, Health, 8 months, 19K people)
Phishing feedback: just-in-time intervention improves online security (2024, 1 Org, Health, 11k People, 9 months in three waves)
Phishing in Organizations: Findings from a Large-Scale and Long-Term Study (2021, 1 Org, Unknown Industry, 15k people, 15 mont