By Bruce Sussman
Wed | Jul 11, 2018 | 11:14 AM PDT

Here's a brand new video from the NIST Human Factors research team.

The NIST video is catchy and can help you, your CIO, and non-technical leaders understand why employees still get successfully phished.

And it looks at why this may keep happening despite your investment in a security awareness program.

Video: "You've Been Phished"


The NIST phishing video asks and answers several questions:

  • Should you punish employees for repeated security failures?
  • What is the key factor that makes it harder for employees to recognize a phishing email?
  • What should security awareness training be centered around?
  • Is it easy for your employees to report a phishing email?

One thing we do know: hopefully the NIST team doesn't run into Mitchell Sprinsky anytime soon. The Chief Information Officer at Spectrum Pharmaceuticals told SecureWorld, "After three warnings, we will shut down their incoming and outgoing email."

Sprinsky was part of a very engaging SecureWorld web conference, Risky Business: When End-Users Continue Bad Security Behavior, which you can watch on-demand.

And by the way, here are 5 Ways the NIST Cybersecurity Framework Maps to an Attack, shared with us by University of Massachusetts CISO Larry Wilson.