Go Beyond the Phish – in More Ways Than One
Just as we advocate for thinking beyond the phish for cybersecurity assessments and training, we recommend extending beyond phishing tests to evaluate vulnerabilities and gauge progress.
In addition to utilizing question-based knowledge assessments and education modules, you can look to the security events that you already are (or should be) tracking, including metrics like the following:
- Numbers of active malware infections
- Rates of successful external phishing attacks
- Downtime hours for end users following a malware infection, successful phishing attack, or misplaced/stolen device
- Hours and resources tied to remediation of devices following end-user mistakes
- The quantity and quality of calls fielded by your IT helpdesk
- Numbers of suspicious emails reported by your employees
This last metric is a particularly good indicator of whether users are becoming more active in checking and evaluating the emails they receive day to day. Track it as a rate (reports per user, or reports per simulated phish delivered) rather than a raw count, since headcount and mail volume change over time and move the number on their own. As you progress through a well-rounded, effective program you should see all of these measurements move in the right direction: infections, successful attacks, downtime, and remediation hours falling, and reporting rising. Those improvements not only indicate advancing knowledge but also give you a basis for gauging the ROI of your education efforts.
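As an added example (not code from the original post or its author), the following Python computes the metrics listed above from a constructed security-event log and reports whether each one is trending in the right direction between quarters. The event types, the `HEADCOUNT` figures, the `EVENTS` rows and the metric names are all assumptions made for illustration; in practice the rows would come from your mail gateway, endpoint, helpdesk and phishing-simulation tools.

```python
"""Awareness-program metrics from a constructed event log (added example)."""
from collections import defaultdict
from statistics import median

# Constructed sample rows, not real data: (quarter, event_type, user, value).
# "value" is hours for device_remediation, minutes-to-report for
# sim_phish_reported, and None for every other event type.
EVENTS = [
    ("Q1", "sim_phish_sent", "alice", None), ("Q1", "sim_phish_sent", "bob", None),
    ("Q1", "sim_phish_sent", "carol", None), ("Q1", "sim_phish_sent", "dave", None),
    ("Q1", "sim_phish_clicked", "alice", None), ("Q1", "sim_phish_clicked", "bob", None),
    ("Q1", "sim_phish_reported", "carol", 45),
    ("Q1", "real_phish_success", "bob", None), ("Q1", "real_phish_success", "erin", None),
    ("Q1", "malware_infection", "bob", None), ("Q1", "malware_infection", "frank", None),
    ("Q1", "device_remediation", "bob", 6.0), ("Q1", "device_remediation", "frank", 3.5),
    ("Q1", "user_report", "carol", None), ("Q1", "user_report", "gina", None),
    ("Q1", "user_report", "hal", None),
    ("Q2", "sim_phish_sent", "alice", None), ("Q2", "sim_phish_sent", "bob", None),
    ("Q2", "sim_phish_sent", "carol", None), ("Q2", "sim_phish_sent", "dave", None),
    ("Q2", "sim_phish_clicked", "dave", None),
    ("Q2", "sim_phish_reported", "alice", 10), ("Q2", "sim_phish_reported", "bob", 25),
    ("Q2", "sim_phish_reported", "carol", 40),
    ("Q2", "real_phish_success", "dave", None),
    ("Q2", "malware_infection", "dave", None),
    ("Q2", "device_remediation", "dave", 2.0),
    ("Q2", "user_report", "alice", None), ("Q2", "user_report", "bob", None),
    ("Q2", "user_report", "carol", None), ("Q2", "user_report", "gina", None),
    ("Q2", "user_report", "hal", None),
]
# Assumed active-user counts per quarter, used to normalise report volume.
HEADCOUNT = {"Q1": 200, "Q2": 250}

# Metrics where a decrease is the desired direction; all others should rise.
LOWER_IS_BETTER = {"sim_click_rate", "real_phish_successes", "malware_infections",
                   "remediation_hours", "median_minutes_to_report"}


def quarterly_metrics(events, headcount):
    """Aggregate raw events into one metric dict per quarter."""
    by_quarter = defaultdict(lambda: defaultdict(list))
    for quarter, kind, _user, value in events:
        by_quarter[quarter][kind].append(value)
    out = {}
    for quarter in sorted(by_quarter):
        e = by_quarter[quarter]
        sent = len(e["sim_phish_sent"])
        report_times = [v for v in e["sim_phish_reported"] if v is not None]
        out[quarter] = {
            # Simulated-phish outcomes as rates of emails delivered.
            "sim_click_rate": len(e["sim_phish_clicked"]) / sent if sent else 0.0,
            "sim_report_rate": len(e["sim_phish_reported"]) / sent if sent else 0.0,
            # Real incidents and their cleanup cost.
            "real_phish_successes": len(e["real_phish_success"]),
            "malware_infections": len(e["malware_infection"]),
            "remediation_hours": sum(e["device_remediation"]),
            # Suspicious-email reports normalised to headcount, not a raw count.
            "reports_per_100_users": 100.0 * len(e["user_report"]) / headcount[quarter],
            "median_minutes_to_report": median(report_times) if report_times else None,
        }
    return out


def trend(metrics, name):
    """Return (values in quarter order, 'improving' | 'worsening' | 'flat')."""
    quarters = sorted(metrics)
    values = [metrics[q][name] for q in quarters]
    first, last = values[0], values[-1]
    if first is None or last is None or first == last:
        return values, "flat"
    went_down = last < first
    better = went_down if name in LOWER_IS_BETTER else not went_down
    return values, "improving" if better else "worsening"


if __name__ == "__main__":
    m = quarterly_metrics(EVENTS, HEADCOUNT)
    for name in m[sorted(m)[0]]:
        values, direction = trend(m, name)
        print(f"{name:28s} {values} {direction}")
```

Reporting a metric as "flat" when the first or last value is missing keeps a quarter with no simulated-phish reports from being scored as an improvement or a regression on time-to-report.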