How often do you do phishing campaigns?

CISO in Telecommunication, 2 years ago

We do it 10 times a year, not on a fixed schedule, which means we can do it twice a month or none in a month. We want to make it unpredictable.

VP of IT in Services (non-Government), 2 years ago

Quarterly, but they are staggered and run more frequently for anyone who may need additional training.

CISO in Healthcare and Biotech, 2 years ago

Quarterly phishing campaigns targeted at different business divisions are crucial to an organization's cybersecurity strategy. They educate employees about cyber threats and enhance their ability to identify and manage phishing risks via realistic simulations. Given the role of human error in successful phishing attacks, these proactive campaigns go beyond infrastructure safeguards to mitigate vulnerabilities. They offer tailored training to employees based on their roles and potential threats. I like to increase my company's "Cyber-Paranoia" Level. :-)

CIO, 2 years ago

Monthly - All users

Senior Director Engineering in Travel and Hospitality, 2 years ago

Depends on the risk score we get from external agencies

1 Reply
no title, 2 years ago

Interesting tangent Arun, thanks. But could you please elaborate? Most of the external scoring would focus on the infra layer and thus maybe externally exposed lookalike domains, SMTP/relay configurations. Other than those types of angles, are you using any service to risk score people?
