Broadly speaking, most phishing training works in more or less the same way.
An automated tool sends phishing and spear phishing simulations to those within your organisation.
The simulations fool some, but not others. The tests reveal precisely who has been fooled and, towards the sophisticated end of the spectrum, they suggest what you might do to reduce individual and organisational phishing susceptibility.
Ultimately, phishing training reduces your chances of a data breach.
Does phishing training reduce your cyber risk?
Does phishing training actually reduce your cyber risk?
It’s a hard question to answer, but let’s give it a try.
Anyone who has ever conducted a prolonged period of phishing training will be aware that, week to week and month to month, the results of phishing training tests can swing dramatically. Should this really be the case?
If phishing training in its current form did indeed reduce phishing susceptibility, then shouldn’t phishing susceptibility rates gradually decline, rather than pogo up and down?
It’s also worth considering how today’s phishing training usually attempts to rectify ‘failures’ – which is invariably through more of the same training. But if the training didn’t do all that much good first time around, should we really expect it to work a week or so later? Research suggests more of the same phishing training does little to reduce cyber risk.
As time goes on, more businesses are investing more money in cyber defences – phishing training included. From 2010 to 2017, UK businesses increased their investment in cyber security by almost 45%. Gartner predicts global investment to increase by a further 12.4% in 2019. Yet in 2016, 2017 and 2018, the percentage of businesses that suffered a breach as a result of phishing gradually increased, from 68% to 72% and then to 75% respectively.
What intelligent phishing training looks like
While it’s impossible to say for certain whether today’s phishing training does or does not reduce cyber risk, it’s safe to say today’s phishing training could be improved.
At CybSafe, the psychologists, security obsessives and behavioural scientists that develop our platform are continually working on innovations to further security awareness training and other interventions. Their latest innovation, which introduces an intelligent twist to phishing training, does just that.
CybSafe’s intelligent approach to phishing training goes beyond simply indicating who is susceptible to phishing and reveals why they’re susceptible. People fall prey to phishing for a number of reasons, such as fear, greed, pride, vanity and a desire to help those in need.
Intelligent phishing training reveals the types of attacks likely to fool specific individuals. Combined with bespoke training tailored to individuals, intelligent phishing training demonstrably reduces individual, departmental and organisational cyber risk.
As far as we know, intelligent phishing training is an innovation unique to CybSafe, the world’s first truly intelligent security awareness, behaviour and culture solution that demonstrably reduces human cyber risk.
Intelligent phishing training will be introduced to the CybSafe platform very soon. To find out how it works – as well as how CybSafe demonstrably reduces cyber risk – simply book a demonstration today.