Go Phish! Why Every Company Should Hack Its Own Employees

If there is one fear every Chief Information Security Officer has, it’s the fear of a phishing attack. It’s a rational one because every company, every C-Suite executive and every employee is vulnerable to this type of deception.

Due to the high volume of electronic messaging in the workplace, it only takes a momentary lapse in vigilance for a phishing scam to wreak havoc. Cybercriminals can steal company or personal data, delete files and deploy ransomware with just one email or one instant message. A single successful attack almost always results in some kind of monetary damage — whether it be in time or monetary transfers. In fact, the FBI estimates that CEO email scams have cost organizations more than $2.3 billion over the last three years. But it’s not just emails. Phishing (or, more specifically, social engineering) scams come in all shapes and sizes, from direct phone calls to targeted social media campaigns. They can range in appearance too, from a CEO asking for a wire transfer to a law enforcement officer demanding personally identifiable information and more.