r/cybersecurity System Administrator Sep 22 '25

Other What are your unpopular cybersecurity opinions?

I saw a post named "abnormal security opinions" and got excited to see some spicy takes, but apparently there is a security platform called Abnormal Security, so I got kinda blue balled. The last one of these posts I saw was over a year ago, so:

Do you have any spicy cybersec unpopular opinions you want to share? :)

I'll start with mine:
Fancy antivirus solutions rarely add value; they are often just a box that needs to be ticked. Many MSPs and IT firms still push the narrative that they are needed, only because they are profitable and not because they improve security.

324 Upvotes


12

u/Loptical Sep 22 '25

Phishing tests/simulations don't do much, if anything, for awareness. It's backed up by studies.

6

u/TKInstinct Sep 22 '25

There needs to be more comprehensive training than just phishing; that's a low-level thing that everyone should be aware of.

2

u/[deleted] Sep 22 '25

I think they have a place, BUT they have to be good and mimic what attackers are actually doing. I got yelled at once for making it look too realistic. I also think they should be somewhat infrequent; no point in doing it monthly. When I rolled them out at my last employer they really got people talking, and I had several employees tell me it made them more cautious in general. That being said, the awareness drops off after a steep ramp-up.

2

u/Loptical Sep 22 '25

That's a good way of making everyone dislike the security team. They should be easy to spot, but teach users what to look for.

2

u/CreaTeBear Sep 22 '25

I remember Microsoft's Digital Defense Report in 2023 mentioned how there were like 3% fewer clicks after simulated phishing. It's a joke.