by mr_mitm
360 days ago
> No matter how much accessible information security training we try to provide and the EDR controls we implement, >95% of our incidents involve an end-user following (sometimes extremely obvious) phishing links.

That just shows that security training is insufficient and admins need to design their systems and networks to account for that fact. Clicking links is part of everybody's job and should not pose a risk to your organization. Enable 2FA for everything exposed to the internet to mitigate phished credentials. Stop trying to fix the user: https://www.schneier.com/wp-content/uploads/2016/09/Stop-Try...