Fight Phishing with Benchmarking and Simulation Training

How is your business dealing with today's advanced email threats? Traditional email-security defenses such as spam filters, firewalls, and email gateways were not designed to stop phishing and other evolving attacks that rely on social engineering rather than on a payload those tools can recognize.

By widely cited estimates, nearly three-quarters of cyber threats arrive by email, and phishing is responsible for 93% of all data breaches. Defending your business effectively against these attacks is therefore more important than ever.
Here's one way to start getting safer right away: make benchmarking a key component of your email-security strategy. Benchmarking shows how well (or how poorly) your organization is thwarting phishing attacks. Combined with a multi-layered email defense, a controlled benchmarking campaign gauges your organization's current ability to withstand attacks and reduces its susceptibility to future ones.

Benchmarking lets you compare results across departments within your organization, against other businesses in the same industry, against businesses in other industries, and against industry compliance standards.
How benchmark testing can help
Consider what ACME Corporation (not its real name; it has been changed to protect the company's privacy) discovered during benchmark testing. The company is a US-based manufacturer with offices around the world and more than 10,000 employees. After experiencing a large number of incidents over a six-month period, it decided to implement an email-security and phishing-simulation program.

The click rate on the company's phishing-simulation emails turned out to be 35%. Surprised by that figure, the company benchmarked itself against other manufacturing companies that had been tested with the same email templates (a comparison is only meaningful when the lure is the same). The result was sobering: its click rate was 26 percentage points above the industry average for manufacturers.
In response, the company launched an aggressive email-security and phishing-simulation campaign to understand employees' risky behavior and to show them how to identify potential threats with in-the-moment training.

The campaign reduced the click rate from 35% to 9%, slightly below the industry average. That is a relative reduction of roughly 75% (74%, to be exact), enough to place the company in the top 20% of all manufacturing companies.

How to make improvements at your organization
By running a continuous, controlled phishing-simulation campaign, your organization can achieve a variety of similar benefits:

  • Close the human gaps in your email security posture
  • Make employees more aware of phishing attacks
  • Modify behavior with ongoing simulation campaigns
  • Transform employees from a security liability into a line of defense
  • Reduce your organization’s risk and susceptibility to attacks
  • Protect against data theft and brand damage

Fortunately, there are immediate steps you can take to replicate that success. First, review your current email-security infrastructure to determine which layers of protection you have and what each one actually stops.

Next, conduct an initial vulnerability assessment to determine your current level of phishing exposure. Use its results to identify the gaps and risks in your email-security defenses, including the specific departments and individuals that need additional, more intensive training, so that every employee keeps moving up the learning curve.

Finally, take part in a benchmark campaign to find out where you stand against other organizations in your industry.
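The three steps above, carried through on constructed data, as an added example written for this article (it is not code from the original page or from any vendor's simulation product). It computes click rates per department, flags the departments whose rate exceeds an industry benchmark, and measures the change between two campaign rounds. The department names, per-round click counts and the 20% benchmark are assumptions for illustration; the only figures taken from the article are the 35% and 9% click rates, which the helper functions use to show that "26% above the industry average" reads as percentage points and "cut by 75%" as a relative change.

```python
"""Phishing-simulation benchmarking helper (added example, constructed data).

Not code from the original article or any vendor product. Department names,
click counts and the industry benchmark below are made up for illustration.
"""
from collections import defaultdict


def make_round(clicks_per_dept, size=5):
    """Build one record per simulated email from {dept: number_of_clickers}.

    Constructed data: each department gets `size` recipients, the first
    `clicks` of whom followed the lure link.
    """
    records = []
    for dept, clicks in clicks_per_dept.items():
        for i in range(size):
            records.append(
                {"user": f"{dept.lower()}-{i}", "dept": dept, "clicked": i < clicks}
            )
    return records


# Constructed campaign results: first round, then the same recipients after
# in-the-moment training. Both use the same lure template.
ROUND_1 = make_round({"Finance": 4, "Sales": 2, "Engineering": 0})
ROUND_2 = make_round({"Finance": 1, "Sales": 0, "Engineering": 0})

# Hypothetical industry click rate for the same template (assumption).
INDUSTRY_BENCHMARK = 0.20


def click_rate(records):
    """Fraction of delivered simulations whose recipient clicked."""
    if not records:
        # A rate from zero deliveries is meaningless; refuse rather than report 0%.
        raise ValueError("no simulation results to compute a rate from")
    return sum(1 for r in records if r["clicked"]) / len(records)


def rates_by_department(records):
    """Click rate per department, so training can be targeted."""
    groups = defaultdict(list)
    for r in records:
        groups[r["dept"]].append(r)
    return {dept: click_rate(rs) for dept, rs in groups.items()}


def gap_in_points(rate, benchmark):
    """Distance from the benchmark in percentage points.

    This is the sense in which a 35% click rate is '26 points above' a
    roughly 9% industry average.
    """
    return round((rate - benchmark) * 100, 1)


def relative_reduction(before, after):
    """Relative change between two rounds: 35% -> 9% is about a 74% reduction."""
    if before <= 0:
        raise ValueError("cannot compute a reduction from a zero baseline")
    return (before - after) / before


def departments_needing_training(records, benchmark):
    """Departments whose click rate exceeds the benchmark, worst first."""
    rates = rates_by_department(records)
    over = {dept: rate for dept, rate in rates.items() if rate > benchmark}
    return sorted(over, key=lambda dept: (-over[dept], dept))


def campaign_report(before, after, benchmark):
    """Summarise two campaign rounds against the industry benchmark."""
    b, a = click_rate(before), click_rate(after)
    return {
        "before": b,
        "after": a,
        "gap_before_points": gap_in_points(b, benchmark),
        "gap_after_points": gap_in_points(a, benchmark),
        "relative_reduction": relative_reduction(b, a),
        "still_over_benchmark": departments_needing_training(after, benchmark),
    }


if __name__ == "__main__":
    print("Round 1 by department:", rates_by_department(ROUND_1))
    print("Needs training:", departments_needing_training(ROUND_1, INDUSTRY_BENCHMARK))
    for key, value in campaign_report(ROUND_1, ROUND_2, INDUSTRY_BENCHMARK).items():
        print(f"{key}: {value}")
```

Two caveats when using numbers like these: a benchmark comparison is only valid when your organization and the peer group were sent the same template, and a department of five people moves 20 percentage points with a single click, so small groups need several rounds before their rate means anything.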

Understanding your organization's susceptibility to potentially devastating phishing attacks is the first step toward stopping them. Benchmarking, a critical component of comprehensive email security, measures how effective your organization's policies are and compares them against a range of standard measurements so that you can improve them.

Together, phishing-simulation training and controlled benchmarking provide real-world, actionable data to maximize your organization’s email security performance and minimize the risk of falling victim to attacks.
