Humans vs. Artificial Intelligence: Who is the better phisher?
What an interesting question and an article published recently gives us the answer, at least for today. Stephanie Carruthers, the chief people hacker...
This has been a very interesting question since we’ve started phishing training, which for me was around 2016. So, for about ten years, I’ve heard people challenge whether there is any evidence that phishing simulations reduce the likelihood that an individual will interact with a phishing email. We knew it was our largest risk and, therefore, we had to train, but as an industry, it was more common sense driving the approach vs. hard studies and numbers.
Also, studying this can be difficult to deduce because we have a big limitation, which is that we cannot predict when and where a phishing email in the wild will pop up…I suppose unless someone clicks on it. So, the best we can do is measure response to simulated phishing emails in studies. In this way, I recently came across some interesting studies that answered this question by highlighting what does and does not work.
The conclusion on page 15 is that Repeat Clickers have “… rigid email habits are suggestive of an underlying cognitive factor at play…” Interestingly, in the comparisons of survey responses, they reported more confidence in their ability to identify a phish than protective stewards. Further, page 16 states that “…protective stewards unquestionably had more general technology-related knowledge and were more capable at articulating technically related concepts…”
Overall, the key is to approach your program with a helpful attitude and not a punitive one. Next, work toward finding the root cause, then a workable solution with individuals in mind. If you need help with your security awareness program, we would love to help you. Contact us at support@bedelsecurity.com.
Grant Study: https://people.cs.uchicago.edu/~grantho/papers/oakland2025_phishing-training.pdf
https://www.verizon.com/business/resources/reports/dbir/
Canham Study: https://osf.io/preprints/psyarxiv/36eqn_v1
What an interesting question and an article published recently gives us the answer, at least for today. Stephanie Carruthers, the chief people hacker...
Cybersecurity Awareness Month1 is an annual campaign held in October to promote awareness about the importance of cybersecurity and encourage...
As we enter the holiday season, many of us look forward to festive gatherings, shopping sprees, and, of course, sharing the season’s joy with loved...