Cybersecurity Awareness Month was launched in October 2004 by the U.S. Department of Homeland Security and the National Cybersecurity Alliance. Its initial guidance, which covered simple security tasks (such as updating antivirus twice a year, just as you'd change the batteries in your smoke alarms at daylight saving time), evolved into a month of best practices and advice for consumers, businesses and governments alike.
While often mocked or ridiculed (yes, people still fall for the same phishing scams they did years ago, and yes, cybersecurity awareness training can be a drag), the underlying notions that cybersecurity is essential, and that individuals and businesses must do their share to stay safe from cyberthreats, are no joke.
This week's featured news looks at the latest in enterprise cybersecurity awareness, for better and for worse.
Traditional cybersecurity training fails to thwart phishing attacks
Despite decades of investment in cybersecurity awareness training, recent research revealed these programs are largely ineffective and sometimes counterproductive.
A comprehensive review of studies since 2008 found that common training methods, including annual webinars and embedded lessons after failed phishing tests, don't significantly reduce employees' susceptibility to attacks.
Researchers from the University of Chicago and the University of California, San Diego found "no evidence that annual security awareness training correlates with decreased phishing failures," while ETH Zurich research showed embedded training can make employees overconfident and more vulnerable.
Additional research indicated that knowledge alone does not translate to behavioral change, with training effects disappearing within six months.
Cybersecurity training should focus on behavioral change
Most cyberattacks succeed by targeting end users through social engineering or exploiting human errors, making traditional security awareness training inadequate.
Leading organizations are shifting from basic awareness programs to human risk management models that drive actual behavioral change. Effective programs now employ seven key practices:
- Using the COM-B psychological model (capabilities, opportunities, motivation) to design training.
- Teaching users to activate "slow thinking" reflexes when under pressure.
- Delivering bite-sized, scenario-based nudges that mirror real-world attacks.
- Measuring meaningful metrics beyond simple click rates.
- Using gamification carefully and intentionally.
- Emphasizing positive reinforcement over punishment.
- Hiring psychology and behavioral science experts to design curricula.
This approach transforms employees from the weakest security link into the first line of defense by creating lasting behavioral changes rather than just temporary awareness.
Read the full story by Ericka Chickowski on Dark Reading.
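The practices above call for measuring something more meaningful than a raw click rate. The following is an added illustration, not code from the Dark Reading story or from any vendor's simulation platform, of what a phishing-simulation scorecard could track: report rate, median time to report, how many reports arrived before the first click, users who clicked but then reported, and repeat clickers across campaigns. The event format and the metric definitions are assumptions chosen for the example, and the event data is constructed.

```python
"""Phishing-simulation metrics beyond the raw click rate.

Added example (not from the article). The event schema and the metric
definitions below are assumptions; a real program would pull these
events from its simulation and mail-reporting tooling.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Event:
    campaign: str   # simulation campaign id
    user: str       # recipient
    action: str     # "sent", "clicked" or "reported"
    minute: int     # minutes after the campaign mail went out


# Constructed sample data: two campaigns, the same five recipients.
SAMPLE_EVENTS = [
    Event("c1", "alice", "sent", 0), Event("c1", "alice", "reported", 4),
    Event("c1", "bob", "sent", 0), Event("c1", "bob", "clicked", 12),
    Event("c1", "carol", "sent", 0),
    Event("c1", "dave", "sent", 0), Event("c1", "dave", "clicked", 7),
    Event("c1", "dave", "reported", 9),
    Event("c1", "erin", "sent", 0), Event("c1", "erin", "reported", 30),
    Event("c2", "alice", "sent", 0), Event("c2", "alice", "reported", 2),
    Event("c2", "bob", "sent", 0), Event("c2", "bob", "clicked", 5),
    Event("c2", "carol", "sent", 0), Event("c2", "carol", "reported", 15),
    Event("c2", "dave", "sent", 0), Event("c2", "dave", "clicked", 3),
    Event("c2", "erin", "sent", 0),
]


def campaign_metrics(events, campaign):
    """Return a dict of behavioral metrics for one simulation campaign."""
    recipients = {e.user for e in events
                  if e.campaign == campaign and e.action == "sent"}
    clicks = {e.user: e.minute for e in events
              if e.campaign == campaign and e.action == "clicked"}
    reports = {e.user: e.minute for e in events
               if e.campaign == campaign and e.action == "reported"}
    n = len(recipients)
    # Reports filed before anyone clicked are the ones that could have
    # let the SOC pull a real phish from inboxes in time.
    first_click = min(clicks.values(), default=None)
    early_reports = [m for m in reports.values()
                     if first_click is None or m < first_click]
    return {
        "recipients": n,
        "click_rate": len(clicks) / n,
        "report_rate": len(reports) / n,
        "median_minutes_to_report": median(reports.values()) if reports else None,
        "reports_before_first_click": len(early_reports),
        # Clicking and then self-reporting is a recovery behavior worth
        # reinforcing rather than punishing.
        "clicked_then_reported": sum(1 for u in clicks
                                     if u in reports and reports[u] > clicks[u]),
    }


def repeat_clickers(events, min_campaigns=2):
    """Users who clicked in at least `min_campaigns` distinct campaigns."""
    per_user = defaultdict(set)
    for e in events:
        if e.action == "clicked":
            per_user[e.user].add(e.campaign)
    return sorted(u for u, cs in per_user.items() if len(cs) >= min_campaigns)


if __name__ == "__main__":
    for cid in ("c1", "c2"):
        print(cid, campaign_metrics(SAMPLE_EVENTS, cid))
    print("repeat clickers:", repeat_clickers(SAMPLE_EVENTS))
```

On the constructed data both campaigns show the same 40% click rate, which is all a click-rate-only dashboard would report; the other metrics show that the report rate fell from 60% to 40%, that one user clicked and then reported (behavior a positive-reinforcement program would want to recognize), and that the same two users clicked in both campaigns and are the ones who need a different intervention than another annual webinar.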
From hacker to educator: Nigerian youth transforms security landscape
Aliyu Ibrahim Usman began hacking at the age of 14 but hid his skills due to negative perceptions of hacking in Nigeria. At 19, he founded the Cyber Cadet Academy to train university students and professionals for cybersecurity careers. Now 23, Usman organized Nigeria's inaugural BSides cybersecurity conference in Kano, bringing together stakeholders including police, government agencies and students.
Driven by concerns about online child safety and widespread cybersecurity issues, he teaches up to 20 students at his registered academy. His vision is to make the academy Africa's leading cybersecurity training institute, with plans to expand and train students as future staff members.
Read the full story by Arielle Waldman on Dark Reading.
IT leaders fall victim to phishing, and some keep it a secret
A survey of 1,700 IT professionals by cybersecurity vendor Arctic Wolf reported that nearly 70% of IT leaders have been targeted by cyberattacks, with 39% experiencing phishing, 35% malware and 31% social engineering attacks.
Most concerning is that 64% of senior executives admitted to clicking on phishing links, and 17% of them never reported doing so. Researchers suggested this might be out of fear of punishment or termination.
AI-powered social engineering targets corporate executives
Attackers are increasingly using sophisticated AI technologies, such as deepfake videos and voice cloning, to conduct social engineering attacks against corporate executives and high-profile targets.
According to cybersecurity vendor Palo Alto Networks, social engineering was the leading attack vector in 36% of incident response cases from May 2024 to May 2025, with two-thirds targeting privileged or executive accounts. In a separate report, the Ponemon Institute reported that about 40% of executives have experienced deepfake attacks.
To combat these evolving threats, experts recommended limiting information shared on social media, using phishing-resistant MFA and implementing out-of-band verification methods.
More on cybersecurity awareness training
Check out these resources for cybersecurity advice and best practices:
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.