Wednesday, 27th January 2021

Research into simulated phishing

CybSafe invites cyber security professionals to contribute to new academic research into the impact of simulated phishing.

CybSafe is working on new research into the implementation and impact of simulated phishing. As part of the study, CybSafe is inviting cyber security professionals to contribute anonymously by completing a short survey about their experiences, here: cybsafe.com/takepart.

While simulated phishing campaigns are increasingly employed in both the public and private sectors, almost nothing is known about how they are implemented on the ground. The metrics that are most commonly recorded remain a mystery and what organisations do with them isn’t clear.

The first part of the ‘Simulated Phishing and Employee Cybersecurity Behaviour’ study (SPEC) project seeks to remedy this. In partnership with CREST, UCL, and the University of Bath, the CybSafe team have designed a questionnaire that will uncover not only what CISOs measure and what metrics they use, but critically, how they use these measurements to inform their simulated phishing policies.

“There are many purported ‘cures’ for high risk employees, from training to pay docking, and it’s unlikely that all have the same utility, or will be perceived the same way,” explained Dr John Blythe, Head of Behavioural Science at CybSafe, who will be leading the study.

Further to this, the SPEC research will explore the psychological implications of simulated phishing on staff, including how it influences levels of trust, stress and feelings of fairness amongst staff. Notably, the study will also analyse the effect of punishment as it relates to cyber security.

Dr Blythe added: “This is important, as punishing employees for clicking a phishing link, research suggests, may have several unintended consequences - decreasing a worker’s trust in their organisation, as well as their morale, and ultimately even reducing good cyber security behaviour.”

Oz Alashe, CEO, CybSafe said: “Organisations are currently in the dark when it comes to the true impact of simulated phishing. It’s exciting that CybSafe is leading the way here - uncovering totally new insights.”

The full research report is expected to become publicly available in January 2020. CybSafe will provide participants with exclusive access to the results of the survey, along with an accompanying report, before the public release.

Not all world records are cause for celebration—just look at the DDoS attack numbers from 2020. For...
With WALLIX, NHS Birmingham strengthens its cyber security policy and secures all remote access to p...
‘There’s a threat, pass it on’: a negative communication cycle between vendors, IT leaders and emplo...
Worldwide IT spending is projected to total $3.9 trillion in 2021, an increase of 6.2% from 2020, ac...
Palo Alto Networks has introduced a number of enhancements to Prisma® Cloud, the industry’s only com...
GTT Communications has enhanced its portfolio of managed security services. Leveraging Fortinet’s ne...
Security concerns intensify with challenges over remote worker access.
Versa Networks has unveiled the Versa ACE (Accelerate, Captivate, Engage) Partner Program. It is the...