www.prodmarc.com

How to improve organization's phishing simulation programme ​ [How to improve organization's phishing simulation programme](https://preview.redd.it/eufzlntwo0851.jpg?width=1280&format=pjpg&auto=webp&s=bf83c00f7354f8ae8a8fa7ad1c4664918b61090b) A lot of progressive organizations have been running phishing simulation programmes for their employees for many years now. These programmes are executed either with consultation of a cyber security company as a service or through a phishing simulation platform or as a hybrid model. The key objective of these programmes has been to train the end employees to detect and report most commonly known phishing incidents. However, these programmes have been highly ineffective to identify topical phishing attacks resulting in a material impact on the organization. The reason being, some of the most high profile and successful phishing attacks were wrapped in the context of a usual business process of a critical user. These phishing attacks can be highly covert, if they are further wrapped in the context of a current topical matter, for instance COVID-19. Definition of a critical user need not always be a system administrator or payment processing employee; it could be a PR / marketing department employee dealing with massive listing of customer leads generated or it could be a customer helpline executive possessing a list of high profile irate and vulnerable customers. In this article, I am trying to bring about a change in mindset of how phishing simulation programmes should be conceptualized and executed. ​ https://preview.redd.it/58shpo62p0851.png?width=1267&format=png&auto=webp&s=d9000c1646673a3d695f6fbdaa2da65d3493bcf4 **To start with, let us understand the present threat landscape …** Since mid-March, cyber-criminals launched a variety of COVID-19 themed phishing and malware attacks against essential workers, healthcare facilities, and also the recently unemployed. One of the vital reasons behind the succes

How to improve organization's phishing simulation programme ​ [How to improve organization's phishing simulation programme](https://preview.redd.it/eufzlntwo0851.jpg?width=1280&format=pjpg&auto=webp&s=bf83c00f7354f8ae8a8fa7ad1c4664918b61090b) A lot of progressive organizations have been running phishing simulation programmes for their employees for many years now. These programmes are executed either with consultation of a cyber security company as a service or through a phishing simulation platform or as a hybrid model. The key objective of these programmes has been to train the end employees to detect and report most commonly known phishing incidents. However, these programmes have been highly ineffective to identify topical phishing attacks resulting in a material impact on the organization. The reason being, some of the most high profile and successful phishing attacks were wrapped in the context of a usual business process of a critical user. These phishing attacks can be highly covert, if they are further wrapped in the context of a current topical matter, for instance COVID-19. Definition of a critical user need not always be a system administrator or payment processing employee; it could be a PR / marketing department employee dealing with massive listing of customer leads generated or it could be a customer helpline executive possessing a list of high profile irate and vulnerable customers. In this article, I am trying to bring about a change in mindset of how phishing simulation programmes should be conceptualized and executed. ​ https://preview.redd.it/58shpo62p0851.png?width=1267&format=png&auto=webp&s=d9000c1646673a3d695f6fbdaa2da65d3493bcf4 **To start with, let us understand the present threat landscape …** Since mid-March, cyber-criminals launched a variety of COVID-19 themed phishing and malware attacks against essential workers, healthcare facilities, and also the recently unemployed. One of the vital reasons behind the succes

How to improve organization's phishing simulation programme ​ [How to improve organization's phishing simulation programme](https://preview.redd.it/eufzlntwo0851.jpg?width=1280&format=pjpg&auto=webp&s=bf83c00f7354f8ae8a8fa7ad1c4664918b61090b) A lot of progressive organizations have been running phishing simulation programmes for their employees for many years now. These programmes are executed either with consultation of a cyber security company as a service or through a phishing simulation platform or as a hybrid model. The key objective of these programmes has been to train the end employees to detect and report most commonly known phishing incidents. However, these programmes have been highly ineffective to identify topical phishing attacks resulting in a material impact on the organization. The reason being, some of the most high profile and successful phishing attacks were wrapped in the context of a usual business process of a critical user. These phishing attacks can be highly covert, if they are further wrapped in the context of a current topical matter, for instance COVID-19. Definition of a critical user need not always be a system administrator or payment processing employee; it could be a PR / marketing department employee dealing with massive listing of customer leads generated or it could be a customer helpline executive possessing a list of high profile irate and vulnerable customers. In this article, I am trying to bring about a change in mindset of how phishing simulation programmes should be conceptualized and executed. ​ https://preview.redd.it/58shpo62p0851.png?width=1267&format=png&auto=webp&s=d9000c1646673a3d695f6fbdaa2da65d3493bcf4 **To start with, let us understand the present threat landscape …** Since mid-March, cyber-criminals launched a variety of COVID-19 themed phishing and malware attacks against essential workers, healthcare facilities, and also the recently unemployed. One of the vital reasons behind the succes

How to improve organization's phishing simulation programme ​ [How to improve organization's phishing simulation programme](https://preview.redd.it/eufzlntwo0851.jpg?width=1280&format=pjpg&auto=webp&s=bf83c00f7354f8ae8a8fa7ad1c4664918b61090b) A lot of progressive organizations have been running phishing simulation programmes for their employees for many years now. These programmes are executed either with consultation of a cyber security company as a service or through a phishing simulation platform or as a hybrid model. The key objective of these programmes has been to train the end employees to detect and report most commonly known phishing incidents. However, these programmes have been highly ineffective to identify topical phishing attacks resulting in a material impact on the organization. The reason being, some of the most high profile and successful phishing attacks were wrapped in the context of a usual business process of a critical user. These phishing attacks can be highly covert, if they are further wrapped in the context of a current topical matter, for instance COVID-19. Definition of a critical user need not always be a system administrator or payment processing employee; it could be a PR / marketing department employee dealing with massive listing of customer leads generated or it could be a customer helpline executive possessing a list of high profile irate and vulnerable customers. In this article, I am trying to bring about a change in mindset of how phishing simulation programmes should be conceptualized and executed. ​ https://preview.redd.it/58shpo62p0851.png?width=1267&format=png&auto=webp&s=d9000c1646673a3d695f6fbdaa2da65d3493bcf4 **To start with, let us understand the present threat landscape …** Since mid-March, cyber-criminals launched a variety of COVID-19 themed phishing and malware attacks against essential workers, healthcare facilities, and also the recently unemployed. One of the vital reasons behind the succes