
Stop Phishing Your Workforce!
09/11/23 • 20 min
Savvy cybersecurity leaders must look to new approaches to training employees to combat social engineering. While phishing tests are seen by cybersecurity leaders around the world as essential in the fight against email-based attacks, abundant evidence exists that the outcomes do not justify the investment. Phishing testing’s lessons are not extensible to other behaviors, the exercise foments a culture of distrust between cybersecurity and the workforce (name one other function that deliberately tries to trick employees in the name of training), and, combined with the reality that it only takes one employee clicking to generate the worst-case outcome, phishing testing is more an exercise in security theater than a contributor to a secure culture.
Andrew Walls is a vice president and distinguished analyst in Gartner’s cybersecurity practice. Prior to joining Gartner in 2007, Andrew held cybersecurity leadership posts in industries from chemical/pharmaceutical R&D to banking.
Previous Episode

You Can’t Patch Burnout!
02:00 Why you shouldn’t try to “patch” burnout
05:50 Bring some actual choice into the phrase “Cybersecurity is a lifestyle choice”
11:40 Recalibrate your collaboration habits
14:42 Rebalance your digital diet
Gartner predicts that by 2025, burnout will have caused 50% of current CISOs to change jobs — of which, 25% for roles outside cybersecurity entirely — and it’s not hard to understand why! CISOs today find themselves in demand across the spectrum of operational and executive-level decisions — a massive shift for an executive role that only a few years ago had to fight for “a seat at the table.”
CISOs need a new toolkit in order to manage their stress and thrive amid the varied, often conflicting, and always high-stakes demand for their time and expertise, because the grass is not greener elsewhere!
In this podcast, Gartner experts will share practitioner-tested tactics for CISOs to avoid — not patch — the risk of burnout by reimagining their scarcest resource: their time.
Next Episode

Identity-First Security–Are You Ready?
In this episode of the CISO Edge podcast series, Gartner experts Mary Ruddy and Chris Mixter explore what cybersecurity leaders across the spectrum of identity and access management maturity need to do to accelerate their progress to an identity-first cybersecurity program. Decentralization of computing resources, channels, entities and devices makes traditional perimeter-based security strategies and tools insufficient. Security and risk management leaders must put identity at the core of cybersecurity strategy and invest in continuous, context-aware controls. However, getting to a level of IAM program maturity where you are able to deliver continuous, context-aware identity and access controls at scale feels like a massive leap to many CISOs, whose IAM programs struggle to deliver their basic capabilities at a consistent level of quality. This conversation will provide guidance to CISOs to enable their IAM teams to rapidly advance down the path to identity-first security.