Category: CISO life, Emerging threats, SASIG Supporter

Why the threat of phishing can’t be ‘trained away’



The Security Awareness Special Interest Group (SASIG) connects cybersecurity professionals from all areas. TSC invites SASIG Supporters to share their cybersecurity insights in The Insider. In this piece, we review a report from machine learning email security company Tessian that opens up the issue of how training and technology should be applied to combat phishing.



Arguably, the cybersecurity threat that keeps CISOs awake at night above all others is phishing. You’d be forgiven for thinking that incidents of opening phishing emails and clicking on dangerous links would have been eliminated by now. The sheer amount of time and effort expended on combatting the threat should have killed it.

Yet it persists. And it does so for two connected reasons:

  • Email is the weapon of choice of cybercriminals, making it the number one threat vector

  • Phishing methods are continually growing and becoming more sophisticated and varied

Training is undoubtedly one way to defend against phishing. Indeed, TSC provides consultancy and training in this area. However, we at TSC have long argued that you cannot just ‘train and go’.

You need to understand why phishing exists and persists, and how it continues to evolve (look out for our forthcoming eBook ‘Your guide to Phishing’). Monitoring how your employees behave when they receive a phishing attack is also helpful, as it gives you something to feed back to them.

With all this in mind, some interesting research conducted by our friends over at Tessian caught our eye. As experts in human-layer security, focussed on protecting all human-digital interactions in the enterprise, they conducted research into the effectiveness of training on reducing the impact of phishing.

The conclusions are interesting. Tessian found that we cannot rely purely on technology, nor solely on training. They make the case that what works most effectively is a combination of properly thought-through, well-conducted training and appropriate technology that supports the human element in the system.

Have a read of Tessian’s research Why the threat of phishing can’t be ‘trained away’ and let us know what you think.

