Security teams spend a lot of emotional capital with employees testing them with simulation phishes in hopes that by tricking them we build our resilience to actual attacks. But do these tests actually work to reduce our human risk? The answer- Yes but to a point.
1
1
2
Here is a quick writeup about our research and findings: elevatesecurity.com/do-phish…

Testing Phishing Simulations Validity - Elevate Security

Elevate Security tracks end user security decisions to reveal if phishing simulations work to prevent attacks, or if there's a better approach to user security.

elevatesecurity.com
1
2
Replying to @modMasha
Thanks for this, it’s very interesting research! I took this paragraph to mean the answer is “no” - phishing exercises do not help with real world attacks. Am I misunderstanding your results?

Jun 16, 2021 · 8:22 PM UTC