Phishing Simulation
  • 12 Mar 2025


WHAT IS PHISHING SIMULATION AND WHY IS IT IMPORTANT?

Phishing is a type of social engineering where attackers send fraudulent emails, pretending to be legitimate individuals or organizations, with the intent of tricking recipients into disclosing sensitive information, such as workplace credentials or payment card details. To help safeguard against such attacks, companies often run simulated phishing campaigns.

In these simulations, employees receive mock phishing emails. If they click on a link within the email or submit their credentials through that link, they are considered to have failed the phishing test. Conversely, if an employee reports the email, views it without engaging, or takes no action, they are considered to have passed.

Phishing simulation campaigns are designed to improve employees' ability to recognize phishing attempts and, ultimately, to help them avoid falling victim to actual phishing emails that could result in compromise of the organization's data or systems.

CONTROLS THIS DASHBOARD REPORTS ON

None of the control frameworks listed below explicitly requires phishing simulation tests. However, most organizations do run simulated phishing campaigns, and these campaigns can be presented to management, auditors, and similar parties as a component of security awareness training.

  • NIST CSF v2.0: PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
    • PR.AT-02: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind
  • PCI-DSS v4.0.1: 12.6.3.1 Security awareness training includes awareness of threats and vulnerabilities that could impact the security of cardholder data and/or sensitive authentication data, including but not limited to: Phishing and related attacks, and social engineering.
  • CIS CSC v8.1: 14.2 Train Workforce Members to Recognize Social Engineering Attacks

PRIMARY KEY PERFORMANCE INDICATOR (KPI)

The dashboard reports on this Primary KPI:

Numerator: Number of emails counted as compliant, i.e. emails where the recipient's action was one of "no action", "email reported", or "email opened"

Denominator: Total emails sent for the campaign
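The KPI above is a simple ratio, but a dashboard also has to handle empty campaigns, inconsistent action labels, and roll-ups by campaign or manager. The following is an added worked example (not the dashboard's own code or query) that computes the Primary KPI over a small set of constructed records shaped like the detail-dashboard columns; the record field names, the extra "credentials entered" action, and the sample values are assumptions for illustration.

```python
from collections import defaultdict

# Actions that count toward the numerator, per the KPI definition above.
COMPLIANT_ACTIONS = {"no action", "email reported", "email opened"}
# Actions that fail the test. "credentials entered" is an assumed label for
# the credential-submission case the article describes.
NON_COMPLIANT_ACTIONS = {"link clicked", "credentials entered"}

# Constructed sample records (not real campaign data). One row per email sent.
SAMPLE_RECORDS = [
    {"campaign": "Q1 Payroll Notice", "employee": "a.alvarez", "manager": "m.chen", "action": "email reported"},
    {"campaign": "Q1 Payroll Notice", "employee": "b.brown",   "manager": "m.chen", "action": "link clicked"},
    {"campaign": "Q1 Payroll Notice", "employee": "c.cruz",    "manager": "d.diaz", "action": "no action"},
    {"campaign": "Q1 Payroll Notice", "employee": "e.dunn",    "manager": "d.diaz", "action": "email opened"},
    {"campaign": "Q1 MFA Reset",      "employee": "a.alvarez", "manager": "m.chen", "action": "Link Clicked"},
    {"campaign": "Q1 MFA Reset",      "employee": "b.brown",   "manager": "m.chen", "action": "no action"},
]


def is_compliant(action):
    """Map a User Action Taken value to compliant / non-compliant.

    Labels are normalised (case, surrounding whitespace) before lookup so a
    source system that emits "Link Clicked" is not silently counted as
    compliant. Unknown labels raise rather than defaulting to a pass.
    """
    normalised = action.strip().lower()
    if normalised in COMPLIANT_ACTIONS:
        return True
    if normalised in NON_COMPLIANT_ACTIONS:
        return False
    raise ValueError(f"unrecognised user action: {action!r}")


def compliance_rate(records):
    """Return (compliant_count, total_sent, rate) for a list of records.

    The denominator is every email sent, so a record with any known action
    is counted. An empty input yields a rate of None instead of dividing by
    zero; a dashboard should render that as 'no data', not as 0% or 100%.
    """
    total = len(records)
    compliant = sum(1 for r in records if is_compliant(r["action"]))
    rate = compliant / total if total else None
    return compliant, total, rate


def rate_by(records, key):
    """Group records by a column (e.g. 'campaign' or 'manager') and compute
    the KPI per group. Returns {group_value: (compliant, total, rate)}."""
    groups = defaultdict(list)
    for r in records:
        groups[r[key]].append(r)
    return {name: compliance_rate(rows) for name, rows in groups.items()}


if __name__ == "__main__":
    compliant, total, rate = compliance_rate(SAMPLE_RECORDS)
    print(f"Overall: {compliant}/{total} compliant ({rate:.1%})")
    for campaign, (c, t, r) in rate_by(SAMPLE_RECORDS, "campaign").items():
        print(f"  {campaign}: {c}/{t} ({r:.1%})")
    for manager, (c, t, r) in rate_by(SAMPLE_RECORDS, "manager").items():
        print(f"  manager {manager}: {c}/{t} ({r:.1%})")
```

Grouping by "manager" (or by the VP-level columns on the detail dashboard) gives the management-chain roll-ups that are usually what gets presented to auditors; grouping by "campaign" shows whether the rate is moving between campaigns rather than being dominated by one large send.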

COLUMNS DISPLAYED ON THE DETAIL DASHBOARD

  • Compliance Status – Compliant unless the employee clicked a link, entered credentials, or took a similar action
  • Campaign Name – Name given to the phishing campaign
  • Campaign Start Date, Campaign End Date, Campaign Status – Start and end dates, and if the campaign is active or has ended
  • Email Name, Email Subject – Name and subject for the phishing simulation email
  • User Action Taken – could be "no action", "email reported", "email opened", or "link clicked"
  • Employee Full Name, Employee Email Address, Employee ID, Employee Job Title – Employee information
  • Manager Employee ID, Manager Full Name, Manager Email Address – Employee's manager
  • Executive VP, Senior VP, VP / Executive Director – Management chain for the Employee
  • Level 5, Level 6 – Additional levels of management for the Employee

OCSF TABLES USED BY THE DASHBOARD

  • Training Inventory [99405002]
  • User Inventory Info [5003]
