Organisations in the dark about phishing awareness


By Dylan Bushell-Embling
Friday, 22 March, 2019

Only 12% of organisations worldwide are completely confident in their ability to assess the effectiveness of their phishing awareness campaigns, according to global IT governance professional association ISACA.

A survey of security, assurance, risk and governance professionals, conducted by the association in partnership with Terranova Security, found that just 63% of respondents regularly monitor and report on the effectiveness of their phishing awareness activities.

While the survey did find that 85% of enterprises measure and regularly report on the effectiveness of their phishing awareness programs, it identified a gap between running awareness activities and assessing what employees have actually learned.

For example, only 57% of survey respondents state that they perform phishing simulation testing, and only 25% use other active knowledge-based assessment of employee phishing awareness.

“Current phishing defence strategies and implementation are clearly not hitting the mark,” ISACA Director of Cybersecurity Practices Frank Downs said.

“Strengthening these defence activities and improving outcomes is within reach, but requires careful planning and execution, and eliminating any gaps in managing and implementing these security awareness initiatives internally and externally.”

A white paper prepared as part of the research suggests that enterprises seek to adopt phishing simulation and other techniques to ensure their organisation has the capacity to validate user behaviour modification. Organisations should also set and track clear goals for improvement.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd