Q&A with our partner Phished!

At the Security Factory, we have been partnered with Phished.io since the very beginning. We asked the CEO, Arnout Van de Meulebroucke, five questions about phishing training. Here are five takeaways that discuss the essence of phishing simulation in organizations.
  1. Why is phishing training so important?
    To be honest, it’s mostly because lots of organizations protect themselves with expensive firewalls and spam filters, which are all great of course. However, they fail to recognize the single largest cause of significant cyber incidents: the human factor. The essence of cyber awareness training is basically making people aware of the risks that are associated with having an online presence in a safe environment. Once your employees are aware of what these risks are, then they will be able to successfully act upon potential threats aimed at your organization (or the employees themselves in their private lives).
  2. What makes using AI technology in Phished so beneficial?
    For every employee that is added to our platform, the system automatically creates a dedicated profile. That profile tries to get to know the individual based on their interactions with our training content (both simulations and academy). From the moment that the profile is established, our platform will proceed to make a dedicated training specifically aimed at that person. It’s a never-ending process, and the profile evolves along with the person being trained, and that’s in my opinion one of the most beneficial aspects of our platform.
  3. What type of phishing mails are generally the most successful?
    Usually, we tend to see that spear phishing mails are really successful within organizations. Spear phishing emails target people using senders (or from addresses) that the recipient should know, for example their boss or colleague. The recipient will have a higher confidence level in the email and is much more likely to interact with it due to the fact that he thinks that he knows the sender. When we use this principle during one of our first campaigns, the success rate (or should I say fail rate?) is often higher than 50%.
  4. Should I act on every phishing mail I receive on my company email?
    Ideally, yes. You should report the phishing mail to your IT department so that they can take the necessary actions to remove it or block it from your systems. While sometimes they may be very evident for you to recognize, some of your colleagues might not recognize it as easily as you do. Therefore, it’s essential that the IT department can take preventive action and protect your organization.
  5. Can a company reduce its phishing failure rate to 0%?
    It’s a very difficult question to give a proper answer to. In an ideal world, it should be possible, yes. However, in the real world, you’re still working with people. People tend to make mistakes occasionally and therefore a phishing failure rate of 0% is quite difficult to achieve and especially to maintain.
Want to know more about phishing simulation?
Contact us at hello@thesecurityfactory.be