The effectiveness of Security Awareness Training is hard to measure. In the industry, we would be in a euphoric state if we had data on “How many people DIDN’T click on a link due to training they received?” While we might receive anecdotal evidence to support this, unfortunately that data is simply not measurable in a meaningful way.
Simulated phishing attacks are not always a good litmus test either as they can be crafted specifically to test on the recent training that was received. This will produce simulated, non-reliable results.
In the following case study, we feature a client who has been on NINJIO AWARE since 2016 and underwent a full security audit by the Department of Homeland Security, as they have been identified as a “Critical Infrastructure” company.
As part of their audit, DHS and our client co-crafted a well-designed simulated phishing attack on 600 random employees. This attack was not based on previous training, but on a real-world scenario. This makes the results of this simulated attack trustworthy and a reliable test to assess the effectiveness of their Security Awareness Training, provided solely by NINJIO.
© 2020 NINJIO, LLC. All Rights Reserved.