The key variables to consider in live phishing tests

[et_pb_section fb_built=”1″ _builder_version=”4.16″ custom_padding=”0px|||||” da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][et_pb_row _builder_version=”4.16″ custom_padding=”||8px|||” locked=”off” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.16″ text_font_size=”20px” text_line_height=”1.8em” global_colors_info=”{}”]

What does “counting clicks” in live phishing tests tell you? There are really a lot more questions than answers.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.16″ min_height=”670px” custom_padding=”5px||8px|||” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.16″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”582px” custom_margin=”||-1px|||” global_colors_info=”{}”]

Here are some of the variables that are rarely considered when reporting on live phishing tests:

1. Did the employee guess suspect a test based the subject line?
2. Did security software block messages from reaching users?
3. Were some employees away from work during the test period?
4. Did some recognize and click on a test message “just to see it”?
5. What was the message content’s difficulty compared last time?
6. Was the subject line more (or less) compelling than last time?
7. Did somebody tell others about a suspected a phishing test?
8. What could have impacted the number of “detected opens”?
9. What can you infer about people who reported AND clicked?

[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_image src=”https://clickarmor.ca/wp-content/uploads/2023/12/unsplashimage-10.png” alt=”Security awareness paradox” title_text=”unsplashimage (10)” align=”center” _builder_version=”4.23.1″ _module_preset=”default” module_alignment=”center” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][/et_pb_image][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]

Photo by Ryan Putra on Unsplash

[/et_pb_text][et_pb_cta title=”It’s been a “super-fantastic” experience to see people learning and talking about security threats.” button_url=”https://clickarmor.ca/quick-start-bundle-gamified-security-awareness-training-and-engagement/” button_text=”Start Your 6-Week Quick Start Bundle Now” _builder_version=”4.16″ _module_preset=”default” locked=”off” global_colors_info=”{}”]

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

[/et_pb_cta][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ custom_padding=”8px|||||” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.16″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”107px” global_colors_info=”{}”]

On top of these variables, you should also consider how many data points you actually collected regarding “clicks” and “reports”. Phishing test scores usually focus on “how many clicked”, as a percentage of all messages sent. This is usually below 25%.

Ideally, you also get a count of “how many reported” a message. There is often less focus on this number, and it is often lower than those who clicked. But this doesn’t tell us anything about “how well they understood” how to analyze a phishing message.

Live tests can provide some useful information, but they have so many variables, the data is often very unreliable. This is all aside from the other ethical, cultural and educational issues that are also associated with live phishing tests.

Phishing education and remediation needs to be more supported by a more consistent, robust and inclusive methodology to provide the kinds of results executives need.

[/et_pb_text][et_pb_button button_url=”https://clickarmor.ca/trial” button_text=”Book a free trial of Click Armor to start strengthening your security culture” button_alignment=”center” _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][/et_pb_button][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”]

 

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_post_nav prev_text=”Previous Post” next_text=”Next Post” _builder_version=”4.16″ title_text_color=”#ffffff” background_color=”rgba(14,79,136,0.68)” custom_padding=”5px|10px|5px|10px|true|true” border_radii=”on|4px|4px|4px|4px” border_width_all=”1px” global_colors_info=”{}”][/et_pb_post_nav][/et_pb_column][/et_pb_row][/et_pb_section]