CISO Series discusses measuring defenses against social engineering attacks, particularly phishing. Hosts David Spark and Mike Johnson question the effectiveness of using phishing click rates as a metric, suggesting they are easily influenced and insufficient. Experts emphasize the need for a holistic approach, focusing on response actions post-click and measuring susceptibility across various channels, not just email. They highlight the importance of a layered security strategy and the evolving sophistication of attacks facilitated by advances like AI. Recommendations include enhancing awareness training and developing contextual metrics to better assess organizational security.
https://cisoseries.com/how-do-we-measure-our-defenses-against-social-engineering-attacks/