Our CEO asked – somewhat rhetorically – on LinkedIn: What are the chances of launching a phishing simulation and getting it right the first time?
There are many well-known reasons why a simulation can go wrong. A few years ago we were writing about it. If you are interested in the details, you can read the article: Do you really know what a phishing simulation is? Are you sure?
And the situation, far from improving, is getting worse and worse. If you don’t believe it, check out our new article on false positives in simulations: origin and solutions.
All of this of course is a source of great frustration. Organizations need to simulate social engineering attacks, as is the only way to know what their current level of risk is and from there make an appropriate management. If each simulation involves an inordinate effort and the results are not reliable, it is inevitable to feel bad.
And this frustration is even worse in those organizations that have a low degree of maturity and knowledge when it comes to the world of cybersecurity awareness. These organizations believe in the famous gold phishing simulation and hit their heads against the wall with every attempt at simulation. This is obvious since they are looking for something that cannot be achieved (but they don’t know it).
So, how do we go from the frustration of not achieving our objectives to the satisfaction of achieving a simulation with reliable results? Is it possible?
The answer is Yes, and for that we need to follow two simple steps:
- First: Assume the reality.
- Second: Use the right tool or hire the right managed service.
To learn more about the last point, relive our webinar on how to recognize and fix the problem of software-generated statistics:
Leave a Reply