Does security awareness training even work?
The other day, I was in a room full of CIOs, CTOs and CISOs who — as an ice-breaking activity — were asked to share a bad security habit. One after the other admitted to bad password hygiene, such as reusing passwords.
I was the only one in the room who used password management software, and that was only because I’d just written an article about it.
If even well-educated security experts mess up when it comes to security, can we really educate average employees to be more security-aware?