Firms struggling to keep click rates down need to revisit their training and education policies and consider continuous awareness training, suggested Theo Zafirakos, CISO at Terranova Security.
It doesn’t even have to be mandatory (although some companies have opted to make them so). And perhaps more important than anything, make those discussions and exercises engaging. Nothing hurts awareness training more than a lifeless exercise.
These were just some of the tips featured in a MapleSEC Satellie Session presentation about how to protect your organization from phishing attacks, as well as tips for what makes a good phishing simulation.
According to data from Terranova Security, North America struggled the most with the simulation, posting a 25.5 per cent click rate and an 18 per cent overall credential submission rate. In Canada, those numbers were very similar at 24 and 17 per cent respectively. Thanks to a generally stronger approach to security and privacy among enterprises, Europe’s workers posted much lower click and submission rates at 17 and 11 per cent, respectively.
You can read more about Terranova’s 2020 Phishing Tournament here.
