If users are the ones being tricked, train users and they won’t get tricked. Easy! Except it doesn’t quite work like that.
Can user training ever hope to keep pace with the constantly evolving threat landscape?
And who decided user training was the right solution in the first place?