One Article Review

Source ProofPoint
Identifier 8478668
Publication date 2024-04-09 06:00:39 (seen: 2024-04-09 13:08:48)
Title 3 Reasons Why Objectivity in Your Phishing Tests Reduces Risk
Text Phishing attacks are a constant challenge for businesses everywhere. As threat actors increase the sophistication of their methods, security awareness teams can use phishing simulations to help train employees to recognize and respond safely to real-life phishing attempts.

This approach can be especially effective when the difficulty level of a simulated phishing scenario fits each person. That's why security practitioners need to make impartial, data-driven decisions when they choose those difficulty levels.

In this post, we discuss the importance of objectivity, both for security practitioners who send phishing tests and for security leaders who evaluate the outcomes. With a reliable way to score phishing simulations, you can:

- Efficiently test and find your employees' knowledge gaps
- Reliably target and improve user behavior on an ongoing basis
- Report a trusted big picture of human risk reduction

1: Efficiently test and find your employees' knowledge gaps

The big question is, how do you find the right phishing difficulty level for each person? Security practitioners must have a reliable, consistent way to evaluate the phishing simulation templates. And they must avoid subjective guesswork. It is vital to be correct in your assessments of the difficulty levels of phishing templates. Otherwise, the templates may be too easy or too challenging for people. And that will make it hard for you to know what your employees will do in real-world attack scenarios.

An objectively measured difficulty scale is a must. It sets the foundation for sending phishing tests that fit the right level of difficulty for each employee so that you can assess what they do and don't know. Once you can effectively evaluate their knowledge gaps about cybersecurity, you have reliable context that will help you decide what targeted training each person requires.

With Proofpoint Security Awareness, we run a machine-learning algorithm that automatically calculates the difficulty level of our phishing templates. Difficulty cues are based on the NIST PhishScale. This is an industry-accepted rating by the National Institute of Standards and Technology (NIST), which was created through rigorous research and analysis.

Our Machine-Learning Leveled Phishing uses this combined methodology to avoid the errors that come from manual calculation and subjective assumptions. For instance, if security practitioners manually rate the difficulty level of phishing templates, they might each evaluate the suspicious cues with degrees of variance. They might use personal judgment that has logical mistakes or inadvertently apply their own biases, or they might interpret the cues from a limited viewpoint. Also, since many people typically run an awareness program, each person's definition of easy versus difficult will be different.

2: Reliably target and improve user behavior on an ongoing basis

How do you know whether a phishing simulation is effective? When you trust the objectivity of a difficulty scoring system, you can trust that a phishing template is accurately rated as low, medium or high difficulty. This gives context to why a phishing campaign has a low or high click rate, or a low or high reporting rate. A low click rate for a high-difficulty simulation means that your employees are resilient about those cues for spotting a phish. A decrease over time in the click rate for that template shows an improvement in people's resilience.

Security practitioners have predictable baseline data to help target and change people's behavior on an ongoing basis. You can look at who falls for each difficulty level and know that the metrics are a reliable analysis of the user's performance. That, in turn, makes you more effective in your efforts to target performance outcomes.

In contrast, if you take a subjective approach when you rate the difficulty scoring, the effectiveness of a phishing template could be murky. When people score based on their perception and judgment, the assessment becomes inherently flawed. And when
Sent Yes
Tags Threat
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.