One Article Review
| Source |  knowbe4 |
|---|---|
| Identifiant | 8395221 |
| Date de publication | 2023-10-13 17:34:39 (vue: 2023-10-13 18:08:09) |
| Titre | Devriez-vous utiliser des e-mails de test de phishing simulés controversés? Should You Use Controversial Simulated Phishing Test Emails? |
| Texte |
The Wall Street Journal recently published an article about using highly-emotionally charged, “controversial”, subjects in simulated phishing tests. Controversial topic examples include fake pay raises, reward gift cards, and free Taylor Swift tickets. The younger half of our team is convinced the latter topic would have completely tricked them. Since the article was published, we have had readers and customers ask us how we felt about the use of controversial simulated phishing tests, especially since they are part of our offering.Here is our general statement: KnowBe4 recommends caution when using controversial subjects in simulated phishing tests as they may generate anger upset if used incorrectly. If you decide to use a controversial topic, it is better if it mimics a real-world phishing scenario than simply a brand-new idea that has never been used before. Our customers choose and customize templates based on their organization\'s needs, and obviously, that needs to be done the right way. We have sent over a billion phishing tests over the last 13 years. A very small fraction of those have caused complaints. An ounce of prevention in the form of one simulated phishing test a month is worth a pound of cure. It is better to be proactive and prevent potential data breaches. Some people have asked us why we even offer controversial simulated phishing topics, which could cause negative reactions. The short answer is that many of our customers want and successfully use controversial simulated phishing topics.Every organization is different and its tolerance of using controversial topics is different. But in general, security awareness training (SAT) programs should strive to win “hearts and minds” and proponents versus opponents. Creating an angry workforce that reacts negatively against an SAT program because of some outlier topics is not a great outcome. Our KnowBe4 platform has over 20,000 simulated phishing “templates” and we would advise you select a less controversial template, if the more controversial ones are going to cause strong negativity. We know from our data of over 65,000 customer organizations and over a billion simulated phishing tests that sending--ideally once a month--simulated phishing tests is one of, if not the best, things you can do to reduce cybersecurity risk in your environment. Social engineering and phishing accounts for 50% to 90% of successful cybersecurity exploits (depending on the data you rely on). No other cybersecurity attack root cause comes even close, although unpatched software and firmware trails in second place involved in around 20% to 40% of attacks. Doing simulated phishing tests is the best way to educate your workforce about various social engineering threats. It is the best type of security awareness education, far more effective than regular training content alone. In the average customer environment, about one-third of untrained employees will click on a phishing (or simulated phishing) email. After training, including simulated phishing tests, that percentage falls to around 5%. Many of our customers, with frequent simulated phishing tests, get that percentage down to 2% or less. Doing simulated phishing tests is one of the best defenses you can de |
| Envoyé | Oui |
| Condensat | if it our social some the we when 000 about accident accidents accounts across actors administrator administrators advise after against all allow allowed alone although anger angry another answer any are around article ask asked attack attacks available average avoid awards awareness away bad balance based because been before behavior being best better between big billion bland bone both brand breaches bring but campaigns can car cards cause caused causing caution celebrity champions change charged choose click close closely comes coming common complaints completely consider constantly contain content controversial convinced correctly could create creating crossing culture cure customer customers customize cybersecurity data deaf deal decide decisions defenses delicate depending deploy destructive different direction distracted does doing done down drive driver drivers educate education effective effectively email emails emotional emotionally emotions employee employees engineering environment especially even events every evidence exactly examples expensive exploits expose exposed exposing fail failures fake falls far feelings felt fiddling firmware follow form fraction free frequent friends from front gaps general generate get gift give going great had half has hatred have healthy here high highly hoped how idea ideally ideology immediate improve include including incorrectly inexperienced innate inspect inspection intentionally intersection introduce involved its journal just kids know knowbe4 last latter lead least legal less like line look lot love make malicious management many may message mimics minds” mistake moments month more most motivate motivated natural need needs negative negatively negativity never new news normal not now obviously offer offering often once one ones only opponents order organization organizations other ounce out outcome outlier over own part particular pay people percentage perhaps perpendicular phishing pick place platform pointing politician politics possible possibly potential pound prevent prevention proactive proceeding program programs proponents published purpose question radio raises rational react reactions reacts readers real realistic really reason recently recognize recommend recommends reduce regular rely response responses reward right risk root safely same sat scenario scenarios second secure security seeing seem seems select sending sense sent short should sides signs simply simulated since skepticism slightly slow slowly small social software some specific statement: stop street strive strong stronger subjects successful successfully sudden swift switches tactics taking taylor teach teachable teaching team tell template templates test testing tests than them then thing things think thinking third those thoughtful thousands threats through throw tickets time tolerance tone too topic topics trails training tricked truly try trying two type ultimate ultimately understand unpatched untrained upset use used user users using various vehicles verify versus very wall want way ways what when whether which who whole why wild will win without workers workforce world worth would years young younger your “controversial” “hearts “templates” “unfair” |
| Tags | General Information |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.