Does security awareness training even work?

The other day, I was in a room full of CIOs, CTOs and CISOs who — as an ice-breaking activity — were asked to share a bad security habit. One after the other admitted to bad password hygiene, such as reusing passwords.

I was the only one in the room who used password management software, and that was only because I’d just written an article about it.

If even well-educated security experts mess up when it comes to security, can we really educate average employees to be more security aware?

To read this article in full or to leave a comment, please click here