News

How Fast Does Phishing Awareness Training Wear Off? New Research Says 6 Months

If you don’t use it, you lose it, right? In the case of cybersecurity awareness training, this is now proven true.

A paper titled “An investigation of phishing awareness and education over time: When and how to best remind users” presented at the USENIX SOUPS security conference last month analyzed “the effectiveness of phishing training in time.”

The findings suggested employees need to be re-trained around six months because security and phishing awareness programs begin to wear off in time.

Understandably, if a user isn’t presented with a problem, the training they receive for that specific problem has no use and eventually fades.

The study surveyed 409 of 2,200 employees of the State Office for Geoinformation and State Survey (SOGSS) in the German public administration sector, because that “sector must go through mandatory phishing awareness training programs.

The effectiveness of phishing training over time, with tests at regular intervals, would “determine when SOGSS employees would lose their ability to detect phishing emails.” Split into groups, employees were given proper cybersecurity training and then tested respectively at 4,6,10 and 12 months. 

“The research team found that while the survey takers were able to correctly identify phishing emails even after four months following the initial training, this was not the case after six months and beyond, with a new training being recommended.”

The research team also developed “reminders” that meant to “replenish the employees’ phishing awareness and knowledge,” after they had received training. They created four separate reminders and sent them to four separate groups: text, video, interactive examples, and short text.

Employees who had received video and interactive examples, retained the training information best “with their impact lasting at least six months after being rolled-out.”

The conclusion is, that although security and phishing detection training is pertinent to helping organizations fight off cyber-attacks, the training needs to be “cyclical, with training sessions repeated, optimally ever six months and using interactive or video training measures.”

Need help re-training your team? Contact DarkHound SecOps today for more information on our free cybersecurity assessment and team training (714) 266-3790 or [email protected].

-Emmy Seigler

Source: https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/

• Author
• Recent Posts

Samantha Keller

Director of Marketing and PR at EnhancedTECH

Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football.Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.

Latest posts by Samantha Keller (see all)

• Understanding ADA Compliance and What it Means for Your Website - October 23, 2020
• Robinhood Ransomware - October 20, 2020
• Wipe Your Phone, Researchers Find COVID Can Survive Up to 28 Days on Our Devices - October 13, 2020