Security training has little effect on reducing human error
Traditional techniques such as security awareness training and phishing simulations have a limited impact on improving employees real-world cybersecurity practices according to a new report.
The study, prepared by the Cyentia Institute, uses aggregated data from 114,000 Elevate Security Platform users for the last three years, examining malware, phishing, email security and other real world attack data.
It finds that while security training results in slightly lower phishing simulation click rates among users, it has no significant effect at the organizational level or in real-world attacks. What s more, an increase in simulations and training can be counterproductive, with the report finding that users with five or more training sessions are actually more likely to click on a phishing link than those with little or no training. 11.2 percent of users who had only one training session clicked on a phishing link, whereas 1
How Secure Are Healthcare IT Systems? New Research Provides a Glimpse
Ed Bellis Co-founder and CTO, Kenna Security
In late October 2020, the FBI and US-CERT issued a joint statement detailing an imminent ransomware threat targeting hospitals and the US healthcare system.
The threat was first uncovered by security researchers from Hold Security, which found that over 400 hospitals were the likely targets of a Russia-based organized crime group with a strong track record of success.
So far, a string of attacks have been uncovered - but it s not entirely clear if these attacks are connected to the effort that prompted the warning. Either way hospital executives should be on edge. A coordinated cyber-attack could not come at a worse time, and individual attacks have shown just how disruptive they can be.
RSA Conference Announces Initial 2021 Keynote Speakers
Inspiring experts from around the world will tackle the top security topics and issues
News provided by
Share this article
® Conference, the world s leading information security conferences and expositions, today announced its initial line-up of keynote speakers for RSA Conference 2021, which is taking place as a virtual experience from May 17 through May 20.
Reimagined for digital-first, RSA Conference 2021 will deliver Keynote programming across all four days of the virtual experience. Acclaimed speakers include prominent cybersecurity experts and innovators, such as:
Dmitri Alperovitch, Chairman, Silverado Policy Accelerator and Sandra Joyce, Executive VP, Head of Global Intelligence, FireEye
While Apple has grabbed headlines of late for discovering zero-days, todayâs columnist, Ed Bellis of Kenna Security, says true zero-days are rare. Bellis says the vast majority of vulnerabilities are patched before CVE publication. However, in the rare case when exploits predate the availability of a patch, attackers get a 47-day head start â and thatâs something security teams need to focus on. rwentechaneyCreativeCommons (Credit: CC BY-NC-SA 2.0)
Common sense tells us that when code used to exploit vulnerabilities becomes publicly-available, somebody will use it for an attack.
New research from Kenna Security and the Cyentia Institute tells us the exact impact the public release of such code has on corporate security and attacker momentum â especially in the relatively rare instances where the release of an exploit code predates a patch. When this happens, attackers get a 47-day head start against the security teams defending against them.
Education institutions have a 14x higher rate of Internet of Things device exposures compared to other industries, according to a recent report from RiskRecon and cybersecurity research firm Cyentia Institute.