Many organizations rely on employee training to help mitigate the risks of spear phishing. But such efforts are generally ineffective, says Eric Johnson of Vanderbilt University. Johnson: “Training exercises are not going to move the needle a lot” Johnson: Attackers can make a profit of $150,000 if they target a targeted attack. Embedded training is an idea that doesn’t prove to be all that effective, he says. It’s very hard to pull the finger back from the mouse, even for the most astute security folks.”]
Source: https://www.cuinfosecurity.com/steps-to-mitigate-spear-phishing-a-6500