Whenever I hear that phishing tests are designed to "make people feel good about security" I always ask, "who will this make feel good about security?" The real answer always seems to be some C-Level or auditor.
Reposted from
Jake Williams
There is no evidence that phishing simulations work at all (and some evidence they may make things worse). If we're doing security that "feels good" we might as well worship an idol made out of piles of networking gear or something.
Separately, punishing users is the peak of stupidity.
Comments
It's so insulting.