
How do you measure success when it comes to stopping Phishing attacks?

An article on CSO Online this week caught my attention because it raises an excellent question: what is a good success rate in your phishing test campaigns?

I had this exact discussion with an FDIC examiner about a month ago, when my client had a 14% click rate on a recent phishing test.  The examiner's point, a valid one, was that "it just takes one": any clicks in a test should be concerning.

The article discusses this and gets feedback from several industry experts on what the goal should be, and what is realistically attainable, when testing your users against social engineering.

My opinion is one of continuous improvement and risk reduction rather than risk elimination.  Nothing is 100% secure, least of all humans.  A training plan that moves your click rate lower and lower over time, combined with defense-in-depth controls that limit what a single click can do, is the more practical approach.
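One practical way to measure "lower and lower over time" is to treat each campaign's click rate as a sample and put a confidence interval around it, so a drop from 14% to 11% on a couple of hundred emails is not mistaken for progress. The following is an added example, not code from the post or the CSO Online article; the campaign figures are constructed for illustration, and the 95% Wilson score interval is a standard binomial interval chosen here, not something the post prescribes.

```python
"""Added example: track phishing-test click rate across campaigns and
judge whether a drop is real given the sample size.

Campaign data below is constructed for illustration, not real results.
"""
from math import sqrt

# Constructed results: (campaign label, test emails delivered, links clicked)
CAMPAIGNS = [
    ("2015-Q1", 200, 28),   # 14.0% click rate, the post's starting point
    ("2015-Q2", 200, 22),   # 11.0%
    ("2015-Q3", 210, 15),   # about 7.1%
    ("2015-Q4", 210, 9),    # about 4.3%
]


def click_rate(delivered, clicks):
    """Fraction of delivered test emails whose link was clicked."""
    if delivered <= 0:
        raise ValueError("delivered must be positive")
    if not 0 <= clicks <= delivered:
        raise ValueError("clicks must lie between 0 and delivered")
    return clicks / delivered


def wilson_interval(delivered, clicks, z=1.96):
    """95% Wilson score interval for the true click rate.

    Unlike the naive p +/- z*sqrt(p(1-p)/n), it behaves sensibly for
    small samples and rare clicks, and never dips below zero.
    """
    n = delivered
    p = click_rate(n, clicks)
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def improved(prev, curr):
    """True when the current campaign's whole interval sits below the
    previous one's, i.e. the drop is unlikely to be sampling noise.
    prev and curr are (delivered, clicks) tuples.
    """
    prev_lo, _ = wilson_interval(*prev)
    _, curr_hi = wilson_interval(*curr)
    return curr_hi < prev_lo


def trend_report(campaigns):
    """Per-campaign rate, interval, and whether it is a real improvement
    on the first campaign (the baseline the examiner was reacting to).
    """
    baseline = (campaigns[0][1], campaigns[0][2])
    rows = []
    for label, delivered, clicks in campaigns:
        lo, hi = wilson_interval(delivered, clicks)
        rows.append({
            "campaign": label,
            "rate": click_rate(delivered, clicks),
            "ci95": (lo, hi),
            "beats_baseline": improved(baseline, (delivered, clicks)),
            # "It just takes one": residual risk is never zero while clicks > 0.
            "residual_clicks": clicks,
        })
    return rows


if __name__ == "__main__":
    for row in trend_report(CAMPAIGNS):
        lo, hi = row["ci95"]
        print(f"{row['campaign']}: {row['rate']:.1%} "
              f"(95% CI {lo:.1%} to {hi:.1%}) "
              f"real improvement on baseline: {row['beats_baseline']}, "
              f"clicks still landing: {row['residual_clicks']}")
```

With the constructed numbers, Q2's interval still overlaps Q1's, so the 14% to 11% drop cannot be distinguished from noise at this sample size; by Q4 it can. The residual click count is reported alongside the rate because it is the examiner's "it just takes one" figure, and it is what the defense-in-depth controls have to absorb.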

Read the CSO Online article here...
