The Reason for Phishing Tests

The purpose of all modern cybercrime is to get money from a business or their clients. This can be done a number of ways and a very popular method is through a phishing attack. This is where a cyber bad actor sends maliciously crafted email to a recipient inside of an organization.  A phishing attack targeted to a specific organization is called a spear phishing attack. These attacks have the sole intent of getting a business to send them money by either coercion or by getting the recipient of the email to click on something to install software that would be used to steal credit cards data. One of our clients who went through a test last year, did so because previously someone in their accounting department sent $400,000 to a cybercriminal. The bank was only able to recover $120,000 of the funds.  This was not a problem with the IT department, this was a problem with the business processes at this organization.

The purpose of a phishing test is to simulate what these cyber bad actors are actively doing and to see how the employees inside the organization are reacting to these attempts. The information gathered by the test can then be used to train the company on how to better respond and how to notice phishing attacks. Phishing tests are extremely important because even all of the cyber security products in the world cannot stop an employee who is not educated on the risks of email phishing attacks.

Get your organization tested today.  If you think it is not needed, look at these statistics we previously published,