
The IT Pro Podcast: Are phishing tests a waste of time?

We discuss whether simulated email attacks are a worthwhile way to improve security


Phishing remains one of the oldest and most persistent attack methods for hackers trying to break into an organisation, and potential targets continue to use simulated phishing attacks as one of the primary ways to ensure their staff are ready to defend against it. 

However, these spoof attacks aren’t always well received, and employees can frequently feel unfairly trapped or caught out by them. Paul Watts, ex-CISO, former IT Pro Panellist, and distinguished analyst for the Information Security Forum, joins this week’s podcast to discuss why phishing simulations are often so poorly received, the value that they offer as part of a wider security strategy, and how organisations can deploy them more effectively.

Highlights

“I'd be lying if I said I haven't been implicated in a couple of phishing exercises that might be maybe cutting it a little bit close. But, you know, you've got to have a sense of emotional intelligence, you've got to understand how your business is thinking and feeling, and there are some areas where you probably shouldn't venture. But what I would say is this: phishing plays on the significance of social engineering to threat actors. And unfortunately, social engineering plays on basic raw human emotions.”

“One of my most favourite phishing campaigns or simulation exercises we did was we wrote to all of the senior leaders to say, your Avios miles are going to expire in the next few days. It was an absolute frenzy. The PAs were mustering to log in and spew their details into this, because God forbid you're going to take an exec's airmiles or airline privilege away from them! It just comes back to exactly what I said; you press the right buttons in the right order, and people will lower their shields and they will fall for it.”

“It's easy to talk about the number of incidents, but more valuable is talking about the times you nearly got caught and celebrating that. And building on that, and that culture that actually, the right thing to do, to be celebrated is to call out when you think something's happened, or you responded to something that you perhaps shouldn't have done, or you're in any way uncertain. To know that you can do that without fear of reprisals, or recriminations or punitive actions is absolutely critical; you can then start to think about what are the most specific threats to your organisation right now, and then focus on those.”

Read the full transcript here.
