The National Institute of Standards and Technology (NIST) has developed a method to help employers understand phishing vulnerabilities and improve their training programs to mitigate the effects of cyberattacks.
Cybercrime can take the form of phishing emails, which may appear to be from an acquaintance or trustworthy institution. NIST's Phish Scale rates phishing emails and offers insight into why an email may be easy or difficult for its target audience to detect as fraudulent. Chief information security officers (CISOs), often tasked with training employees on how to identify phishing attempts, can use this information to develop more effective training programs with improved examples of phishing emails for their target audience. With more deceptive sample phishing emails, CISOs can offer better training to help employees identify sophisticated phishing attempts.
See NIST’s news item to learn more.