Why we shouldn’t pump the brakes on phishing simulation

With all of the panic surrounding the pandemic we are all obsessively following, it’s easy to get beaten down by wave after wave of terrible news. Productivity is down, cyber attacks are up, and people are getting phished left and right. I recently wrote an article detailing just how many new phishing domains had been reported between March and the start of April, suffice to say the numbers we staggering.

With such a tremendous uptick in how many new phishing domains were being reported, and how many people are getting scammed everyday, it must be easy for CISOs and security engineers to think “maybe our users need a break” from all of the phishing simulation and training. This couldn’t be more counterproductive. People need education now, more than ever.

How can we justify phishing at a time like this?

You have to first understand the goal of your operation. If you feel guilty about ‘tricking’ people right now, maybe you don’t have the right attitude towards your program. The goal should never be to see how many people you can fool, though we all know how fun that is, it should be education and…