How often do you do phishing campaigns?

6.8k views, 7 upvotes, 20 comments
CISO in Telecommunication, 2 years ago

We do it 10 times a year, not on a fixed schedule, which means we can do it twice a month or none in a month. We want to make it unpredictable.

VP of IT in Services (non-Government), 2 years ago

Quarterly, but they are staggered and run more frequently for anyone who may need additional training.

CISO in Healthcare and Biotech, 2 years ago

Quarterly phishing campaigns targeted at different business divisions are crucial to an organization's cybersecurity strategy. They educate employees about cyber threats and enhance their ability to identify and manage phishing risks via realistic simulations. Given the role of human error in successful phishing attacks, these proactive campaigns go beyond infrastructure safeguards to mitigate vulnerabilities. They offer tailored training to employees based on their roles and potential threats. I like to increase my company's "Cyber-Paranoia" Level. :-)

CIO, 2 years ago

Monthly - All users

Senior Director Engineering in Travel and Hospitality, 2 years ago

Depends on the risk score we get from external agencies

1 Reply
no title, 2 years ago

Interesting tangent Arun, thanks, but could you please elaborate? Most of the external scoring would focus on the infra layer and thus maybe externally exposed lookalike domains, SMTP/relay configurations. Other than those types of angles, are you using any service to risk score people?
