Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    ISACA Recommends Phishing Simulations and Measurement as Appropriate Defense to Reduce Risk of Successful Phishing Attacks

    Phishing-cover (1)

    Organizations are working to limit the effectiveness of phishing attacks using both internal and external collateral and programs. According to ISACA, the important thing is to have something in place.

    Making employees aware of phishing scams, the latest tactics, and how social engineering can be used is a burden put on IT on top of everything else they’re responsible for. According to the ISACA’s Phishing Defense and Governance report, it’s a task organizations take seriously:

    • 71% of organizations us some form of employee training programs for security awareness and anti-phishing
    • 85% of enterprise organizations measure and report on the program effectiveness

    But phishing simulations aren’t getting the same focus. According to the report, only 57% of organizations utilize phishing simulations to test whether users are paying attention to both the training provided and the emails they interact with. With cybercriminal’s social engineering tactics constantly improving, it’s critical for organizations to have this feedback loop in place to understand where their employee risk exists.

    Phishing simulations present users with real-world (but harmless) phishing attacks, where their engagement with such emails is tracked, allowing organizations to report on which employees have not “learned their lesson.” It’s a vital part of the security strategy designed to allow users to act as part of the organization’s defense.

    In this report ISACA recommends the following to reduce the risk of successful phishing attacks:

    • Build in validation of phishing awareness campaigns – have measures in place the to correlate user engagement and the performance of training efforts.
    • Evaluate the existing outsourcing or co-sourcing relationships – 38% of organizations develop materials internally. Consider leveraging an external partner with expertise in both security awareness training and phishing simulation.
    • Set clear goals for improvement and track them – simple blocking and tackling around reducing user engagement with phishing emails; test, measure, improve.
    • Establish or improve the governance structures in use for reporting and measurement – just as you want to see users improve the organization’s security stance, be mindful that the processes, procedures, materials, and mechanisms used to train and test users should improve over time as well.

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews