Reply to post: Re: What's the metric?

If you have to simulate a phishing attack on your org, at least try to get something useful from it

a_yank_lurker Silver badge

Re: What's the metric?

The metrics I would want to see is who is consistently falling for a phishing attack and how many failed the each test. I would not be surprised if there is a group of 'usual suspects' who usually fall for a phishing attack and there would be some random number who had a bad day, accidentally clicked on the link, etc. Also, properly designed, it might give a clue of how to screen emails from the outside to cut down the number of attacks getting through.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019