New research from ISACA and Terranova Security found that just 12% of security, assurance, risk and governance professionals are confident in their ability to assess the effectiveness of their phishing defenses. Additionally, only 57% of those surveyed said they carry out phishing simulations within their organizations.
“Current phishing defense strategies and implementation are clearly not hitting the mark,” said Frank Downs, director of cybersecurity practices at ISACA. “Strengthening these defense activities and improving outcomes is within reach, but requires careful planning and execution, and eliminating any gaps in managing and implementing these security awareness initiatives internally and externally.”
Theo Zafirakos, CISO at Terranova Security, agrees that organizations need to implement security awareness training to ensure that these threats are mitigated.
“Phishing attacks continue to grow each year both in number and in cost to organizations globally, and countless new phishing scenarios are created every day,” said Zafirakos. “While human error continues to prevail as the leading cause of all breaches and security incidents, security professionals agree the most effective way to reduce human risk is with security awareness and phishing simulation training.”
Phishing attacks are a real and growing threat to organizations in every sector. New-school security awareness training can noticeably improve your employees’ ability to defend against these attacks.