The only anti-phishing program I've ever seen that was even a little effective was at one company I worked at, where there was an ongoing phishing test.
Users were randomly selected to get the test, and each phish was hand-crafted to trick people specifically at our company (but using only publicly available information). Anonymized results were posted quarterly, divided by department.
I only got fooled once, but man, it felt so bad to see Engineering show up on the dashboard with one hit that quarter.
(Sales was usually at the top of the list, which makes sense, since they interface with a lot of folks outside the org)
That's because it moves from being a project to being a process. I've tried to express this at my current job.
They want to take time out to write a lot of unit tests, but they're not willing to change the process to allow/expect devs to add unit tests along with each feature they write.
I'll be surprised if all the tests are still passing two months after this project, since nobody runs them.
I agree that maintenance costs are often overlooked/ignored, but I'm curious how you get answers on the costs. I've never found it particularly easy to get reliable information on maintenance costs.
There’s still some of that feeling in little pockets around the Internet. The tildeverse (https://tildeverse.org) might interest you; it’s a loose group of servers that offer free shell accounts for hosting simple web pages, chatting, programming, or playing around on a mostly unrestricted Linux box.
I run http://ctrl-c.club, one of the oldest tildes. We’re (mostly) closed to new signups, but if you’re interested, send me an email to [email protected] and we’ll get you in.
I hear this argument regularly, but I’ve never understood why. Hyperinflation is historically a bad thing, but whenever I ask about deflation, I just get hand-waving about the Great Depression. Is there any reading that lays out the dangers of deflation?
In business, I have four "bad words": just, only, simply, and obviously.
Used in a work context, they are nearly always used in an attempt to diminish the perceived effort of something, so I get very sketched out when anyone (even/especially other programmers) starts throwing them around.
Users were randomly selected to get the test, and each phish was hand-crafted to trick people specifically at our company (but using only publicly available information). Anonymized results were posted quarterly, divided by department.
I only got fooled once, but man, it felt so bad to see Engineering show up on the dashboard with one hit that quarter.
(Sales was usually at the top of the list, which makes sense, since they interface with a lot of folks outside the org)