Gå offline med appen Player FM !
Do phishing tests do more harm than good? - Wolfgang Goerlich - ESW #376
Fetch error
Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on September 20, 2024 16:17 ()
What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 440924090 series 72776
A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.
He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.
I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?
And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."
Segment Resources:
- Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
- The GoDaddy Phishing Awareness Test
- The Chicago Tribune - How a Phishing Awareness Test Went Very Wrong
- University of California Santa Cruz - This uni thought it would be a good idea to do a phishing test with a fake Ebola scare
Show Notes: https://securityweekly.com/esw-376
4223 episoder
Fetch error
Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on September 20, 2024 16:17 ()
What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 440924090 series 72776
A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.
He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.
I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?
And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."
Segment Resources:
- Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
- The GoDaddy Phishing Awareness Test
- The Chicago Tribune - How a Phishing Awareness Test Went Very Wrong
- University of California Santa Cruz - This uni thought it would be a good idea to do a phishing test with a fake Ebola scare
Show Notes: https://securityweekly.com/esw-376
4223 episoder
Alla avsnitt
×Välkommen till Player FM
Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den är den bästa podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.