Today we are pleased to introduce Barracuda PhishLine Levelized Programs, which is a new way to measure user resistance to phishing attacks. We have the details here, and you can see this in action at RSA Conference this week. We're at exhibitor expo booth #4708, North Hall.
Barracuda leverages the power of intelligence to fight social engineering on two fronts. Barracuda Sentinel uses artificial intelligence to defend against messages that aren't legitimate. Barracuda Phishline uses human intelligence by turning employees into a stronger line of defense against phishing. PhishLine helps your users sharpen their anti-phishing skills with advanced phishing simulations along with end-user testing, reporting, and comprehensive metrics that let you take prompt and meaningful action against threats.
Today's announcement focuses on the metrics of the phishing simulations. Because traditional anti-phishing training uses click rates to measure success, training programs can give an inaccurate picture of employee awareness and skill level. A click rate is based on the overall user action in a simulated phishing attack. For example, if a company runs a simulation and 80% of the users avoid clicking anything in the email, that would be measured as a 20% click rate. Many professionals consider the 10-20% click rate was a ‘win' in that most users did not fall for the attack.
The idea behind these training programs is to get the click rate down to one to two percent, but even that isn't a real ‘win' against phishing. The real criminal only needs one user to fall for an attack in order to be successful. Since phishing attacks vary widely in their specifics, any number of factors can come into play when a user receives a simulated attack. Perhaps the user recognized the attack, or perhaps the content wasn't interesting or the user was warned in advance. Whatever the reason, the IT teams can't be sure that the click rate is a measurement of employee knowledge.
The leveling provided by Barracuda PhishLine Levelized Programs is an alternative to the click rate metric by focusing on user improvement rather than failure. Organizations create programs that support a healthy anti-phishing security culture, which includes user training and other activities. As employees progress through the program, the content challenges them at their individual levels. In a traditional click rate program, the employee is often dropped after a pre-determined number of successful simulations so that the simulations can focus on the users who need additional training. Barracuda PhishLine Levelized Programs keep the employee engaged throughout the life of the program.
Much like artificial intelligence, human intelligence must constantly be improved to keep pace with social engineering attacks.
To learn more about Barracuda PhishLine, stop by our booth at RSA Conference to see it in action. If you can't make it to the conference, visit our corporate website here for more information.