The NCSC has published new “Phishing Attacks: Defending Your Organisation” guidance today to help organisations consider their approach to email phishing attacks.
It’s worth taking a look, as it’s a step change in our guidance on tackling phishing. As part of this we’re suggesting that training staff in your organisation isn’t enough – there needs to be a multi-layered defence built in beyond relying on end user awareness and behaviour.
In particular, you’ll spot that we’re stepping back from recommending some of the off-the-shelf phishing click training packages. They’re expensive and not always effective. The new guidance has details on what to suggest to customers instead.