Phishing Simulations Reveal Problematic Employees

According to a recent research report conducted by security company Wombat, about 76 percent of security professionals reported that their organizations have been infiltrated by a phishing attempt. These sophisticated cyberattacks involve hackers posing as trusted sources to gain access to sensitive information. Many organizations understand how serious this threat is, and are spending millions of dollars on awareness training campaigns to keep employees and company data safe. According to security firm Cybersecurity Ventures, “Global spending on security awareness training for employees is predicted to reach $10 billion by 2027.” Some companies have been taking awareness training one step further, though, including phishing simulation campaigns to test how their awareness programs are working, and if employees are considering their training in their day-to-day. These simulations reveal weak points, and can also uncover which employees should be considered “high risk.” Employees that fail simulations with an unacceptable frequency can be escalated to more intense training sessions, engage in one-on-one coaching, or have their accesses and permissions limited to the point that they no longer pose a significant threat.