Organisations in the dark about phishing awareness
Only 12% of organisations worldwide are completely confident in their ability to assess the effectiveness of their phishing awareness campaigns, according to global IT governance professional association ISACA.
A survey of security, assurance risk and governance professionals, conducted by the association in partnership with Terranova Security, found that just 63% of respondents regularly monitor and report on the effectiveness of their phishing awareness activities.
While the survey did find that 85% of enterprises measure and regularly report on the effectiveness of their phishing awareness programs, it identified a divide between organisations employing awareness activities and conducting assessments of what employees have learned.
For example, only 57% of survey respondents state that they perform phishing simulation testing, and only 25% use other active knowledge-based assessment of employee phishing awareness.
“Current phishing defence strategies and implementation are clearly not hitting the mark,” ISACA Director of Cybersecurity Practices Frank Downs said.
“Strengthening these defence activities and improving outcomes is within reach, but requires careful planning and execution, and eliminating any gaps in managing and implementing these security awareness initiatives internally and externally.”
A white paper prepared as part of the research suggests that enterprises seek to adopt phishing simulation and other techniques to ensure their organisation has the capacity to validate user behaviour modification. Organisations should also set and track clear goals for improvement.
Australia ranked as the second least resilient country in a global survey of the preparedness of...
A US Senate Committee has detailed the lax security practices and policies at credit rating...
Australians are increasingly concerned about the security of their health records and personal...