At the Security Factory, we have partnered with Phished.io since the very beginning. We asked the CEO, Arnout Van de Meulebroucke, five questions about phishing training. Here are five takeaways that discuss the essence of phishing simulation in organizations.
Why is phishing training so important? To be honest, it’s mostly because lots of organizations protect themselves with expensive firewalls and spam filters, which are all great of course. However, they fail to recognize the single largest cause of significant cyber incidents: the human factor. The essence of cyber awareness training is basically making people aware of the risks that are associated with having an online presence in a safe environment. Once your employees are aware of what these risks are, then they will be able to successfully act upon potential threats aimed at your organization (or the employees themselves in their private lives).
What makes using AI technology in Phished so beneficial? For every employee that is added to our platform, the system automatically creates a dedicated profile. That profile tries to get to know the individual based on their interactions with our training content (both simulations and academy). From the moment that the profile is established, our platform will proceed to make a dedicated training specifically aimed at that person. It’s a never-ending process, and the profile evolves along with the person being trained, and that’s in my opinion one of the most beneficial aspects of our platform.
What type of phishing mails are generally the most successful? Usually, we tend to see that spear phishing mails are really successful within organizations. Spear phishing emails target people using senders (or from addresses) that the recipient should know, for example their boss or colleague. The recipient will have a higher confidence level in the email and is much more likely to interact with it due to the fact that he thinks that he knows the sender. When we use this principle during one of our first campaigns, the success rate (or should I say fail rate?) is often higher than 50%.
Should I act on every phishing mail I receive on my company email? Ideally, yes. You should report the phishing mail to your IT department so that they can take the necessary actions to remove it or block it from your systems. While sometimes they may be very evident for you to recognize, some of your colleagues might not recognize it as easily as you do. Therefore, it’s essential that the IT department can take preventive action and protect your organization.
Can a company reduce its phishing failure rate to 0%? It’s a very difficult question to give a proper answer to. In an ideal world, it should be possible, yes. However, in the real world, you’re still working with people. People tend to make mistakes occasionally and therefore a phishing failure rate of 0% is quite difficult to achieve and especially to maintain.