How Training Conquered the Anti-Phishing Landscape

By Mike Polatsek
October 14, 2018 | 3 MIN READ

One point is very clear: phishing has proven over time that it’s technology agnostic. Whichever anti-phishing solution companies use, an attack is bound to infiltrate any system eventually. Despite the recent uptick in its appearance in management discussions, phishing has remained constant. From the first recorded attack on AOL users back in 1995 to recent statistics, phishing as an attack vector hasn’t subsided.


After all, phishing is a social engineering attack—it preys upon the vulnerabilities of people, not technology. So it’s not surprising the cybersecurity community’s historical approach to finding an anti-phishing solution was based on attempts to take the human factor out of the equation (e.g., deliver security solutions that are purely technological). As a result, security training took a backseat to tech-driven security solutions, and obviously, this didn’t provide optimal results.


But there’s been a shift in recent years. Security training is no longer the stepchild of technology-driven security solutions—it’s become a true force. Training enables organizations to fight back against phishing by leveraging the positive side of human psychology while getting both management attention and budgetary consideration. Here are just a couple of reasons why training is conquering the anti-phishing landscape:


Security Training Offers a Higher Marginal Value


The contribution of security training to overall organizational security is much greater than that of other security technologies. Why, exactly? The average organization has plenty of security solutions in place as part of an in-depth security strategy. Adding yet another technology, whether it’s email scanning, spam filtering or a URL testing tool, will indeed add security. However, no number of new technologies can reinvent or retool a company’s security culture.


This is why security training—specifically automated phishing simulations—is a unique tool in the anti-phishing scene. It can effect change in the security culture of a learning organization, which has more enduring benefits than any technology-based response. It’s unparalleled by existing security solutions, and investing in it yields high—and sustainable—returns.   


Security Training Accounts for the Human Factor


Phishing is always evolving. Attackers continually test their changes against cutting-edge security technologies, collecting information and refining their weapons. Sometimes these adaptations are very small—almost unnoticeable, in some cases. But even small changes in an attacker’s approach can require big investments from a security vendor—especially if they hope to counter these changes in real time. This, again, is why security training is the answer: because it’s a completely different ball game when you leverage the power of your people in your security initiatives:



Given the advantages that security training offers over technology-driven solutions, we aren’t surprised to see prospects and customers investing more and more of their time and money in smart anti-phishing learning automation. And as a result, they see a twofold increase in their return on investment, both in terms of effectiveness with their anti-phishing efforts and in their overall security operations.


As phishing becomes more pervasive, organizations are learning that security training can be their most effective first—and last—line of defense against ever-more-sophisticated attacks.
