New tool helps companies assess why employees click on phishing emails

NIST’s tool can help organizations improve the testing of their employees’ phish-spotting prowess

Researchers at the US National Institute of Standards and Technology (NIST) have devised a new method that could be used to accurately assess why employees click on certain phishing emails. The tool, dubbed Phish Scale, uses real data to evaluate the complexity and quality of phishing attacks to help organizations comprehend where their (human) vulnerabilities lie.


Here’s a quick refresher: in its simplest form, phishing is an unsolicited email or other electronic message in which cybercriminals impersonate a trusted organization in an attempt to pilfer your data. Information such as access credentials can then be abused for further attacks, or sold on the dark web and used to commit fraud or identity theft.


Therefore, any company or organization that takes its cybersecurity seriously conducts regular phishing training exercises to see whether its employees can distinguish between legitimate and phishing emails. These exercises aim to increase employee vigilance and teach staff to spot the signs of phishing attacks masquerading as legitimate emails, which in turn prevents them from getting hooked and protects their organizations from monetary and reputational damage.



These exercises are usually overseen by Chief Information Security Officers (CISOs), who evaluate the success or failure of these exercises based on click rates – how often employees click on a phishing email. However, the results are not emblema ..