If your security awareness training provider offers personal banking phishing templates, then it’s a good idea to re-think your provider. Why? Because phishers aren’t sending fraudulent banking alerts to corporate accounts. Besides, who links their bank account to their work email anyway? Phishers continue to up their game, moving away from sloppy phishing emails ripe with spelling mistakes and other recognizable signs to sending craftier, what we’ll call, “lite” spear phish.
With all of the companies out there offering their latest and greatest security awareness training products, it’s worth asking, is this a waste of my company’s money? Jerry Bell and Andrew Kalat, from the Defensive Security Podcast, argue that expecting your employees to be your first line of defense is “completely BS.” They believe that implementing a security awareness training program that includes simulated phishing tests gives a false sense of hope and ultimately, isn’t worth the money. What does the evidence say?