In most companies, a small percentage of employees repeatedly fail phishing simulations. These “repeat responders” should be addressed through frequent phishing exercises to build muscle memory in identifying a phish. The cybersecurity team should also work out what other resources are needed to reduce repeat responses, i.e., identify process or technology updates that will change the way a repeat responder operates. Positive reinforcement, including rewards and public recognition for those who report phishing attempts, can be effective in motivating others in the company to get with the program. Finally, shifting training to include gamification and specific stories about phishing consequences can make all employees more cyber aware. This piece explains the underlying issues behind repeat responders to phishing simulations and recommends steps to address them.