Social engineering attacks, like phishing emails, are common conduits of ransomware attacks. Organizations that deploy certain types of awareness training where employees are fooled and then shamed or made to feel foolish are handling security training ineffectively. Security teams should consider a rewards-based system and recognize people or groups that are bringing insecure behaviors to management attention, says Sophos’ Mat Gangwer. Find out how Sophos can help your employees learn how to spot phishing and social engineering attacks by visiting their website.”]
Source: https://www.csoonline.com/article/3620069/changing-the-narrative-around-attack-victim-shaming.html