Cybersecurity Tip of The Day #3

Categorize the difficulty of simulated phishing campaigns to improve awareness and results analysis

Simulated phishing can be a controversial topic, but if used correctly the practice certainly has a place in security awareness. It's an opportunity to mimic common themes attackers are using in order to raise the awareness of your employees to potential attacks heading their way. Many organizations track the percentage of employees that "fail" a campaign and report on a hopeful downward trend line to prove the effectiveness of awareness efforts. There's some context missing in those statistics; however, since some phishing emails are far easier to spot than others.

One way to combat this data gap is to categorize simulated campaigns with three levels of difficulty - easy, moderate, and hard. The categorization of difficulty certainly has a level of subjectivity involved, but it will bring your organization closer to understanding the actual level of awareness employees have in real-world scenario's - both easy and hard.

#cybersecurity #phishing #awareness