A prominent security consultant is urging a rethink of the way businesses handle user education and awareness. SANS incident handler and Savvis consulting manager Lenny Zeltser said current approaches user education has failed because it s too boring and recommends that security practitioners look closely at the evolution of social engineering attacks. We need to train our users in a different way to understand exactly why these attacks are working. We need security awareness around social engineering to work and measure it via pen testing, he said.
Source: https://threatpost.com/social-engineering-attacks-prove-failure-user-education-042110/73863/