Whenever this question is asked at a gathering of IT people, everyone groans and they all say something like “yes, I’ve got one of those”.
What is “one of those”? It’s the person who, for whatever reason, will click anything.
Your security is only as strong as your weakest link. By the way, your CEO and CFO and their admins might be among your weakest links.
Quote from an IT Security employee dealing with this problem:
“C-Level execs are often the targets of phishing attacks, and are many times the ones that don’t take security training seriously. We have started phishing simulations internally at my company, along with required security training courses. After the first round of training, our click rate for phishing dropped from 51% to 12% across the company. Not perfect, but I really feel phishing / network security training makes a big difference.”
The IT Security employee above is right: a drop from 51% to 12% is a big improvement. However, given the situation and what is at stake, this plug can and should be closer to 100%. This IT Security guy still has work to do.