Should You Phish In Your Own Pond?

Are controlled phishing campaigns against your members the best way to keep your respective firm secure from phishing? This podcast session will look at phishing simulation tools, their overall pros/cons and alternatives available to keep your members secure from getting hooked with that phish.

Questions the moderator asked the speaker:
 
1. Phishing is thought to have originated in 1995 and love bug struck in 2000. Here we are today in 2023 and phishing is still our number one vector of compromise. We've been able to reduce the risk of malware: why is phishing such a struggle?
2. All security programs preach the importance of user awareness training, and it's been a requirement of clients and regulations for many years now. The majority of user awareness programs utilize phishing simulations. So, I guess the questions is, Are phishing campaigns still a good route forward? Are they being successful at training our users not to fall for that phish?
3. What's the best approach for including phishing awareness into your program? Is it best to continuously cast a line or occasionally try your luck at the phishing hole?
4. I've been hearing more lately about User coaching and how technology can be leveraged to protect users from themselves while presenting coaching opportunities when they do things that they shouldn't. Is this a strategy that's effective in reducing the risk of phishing? 
I'm not sure it would be a technology talk if we didn't speak about AI. How do you feel the future of AI impacts the threat of phishing and what steps should we be thinking about now to try and get in front of it?

Moderator:
@David Whale - Director Information Security, Fasken Martineau Dumoulin LLP

Speaker:
@Manuel Sanchez, Information Security & Compliance Specialist, iManage

Recorded on 06/27/2023