In an article on Sophos, the question was posed: “Is security training a waste of time?” There were some examples of training with poor outcomes. 80% of West Point cadets given 4 hours of computer security training immediately fell for a test phishing scam. Employees at internet security firm RSA opened an infected XML attachment to an email that allowed their “secure” network to be breached by real-life hackers. At the end of the article, it is suggested that training can only do so much, and that those of us who are making our living setting up network security need to be doing more ourselves.
There are times when I wonder if the efforts that I am making, through my blog and my community education classes, are helping. But so many of my clients are asking before pulling the trigger on a suspicious email that I have to say that it is helping overall.
Those of you who have taken my classes, or are following my blog, what are your thoughts? Your comments are appreciated.