by VoidWhisperer 32 days ago
So is the idea for Shira that it is quizzes and other tools to teach people how not to be phished? Whereas I know some enterprise anti-phishing tooling I've seen lets IT/Security send a 'phishing email', where you are told good job if you report it and it is noted down on your employee record if you do fall for it.
1 comments

Hey! Super good question, that's exactly the point!

We (and research) have found that the "phishing simulation" technique has not been effective. This "IT/Security sending a phishing email" that you describe is the standard in the industry, but it does not foster a space where real education and understanding about what should be considered suspicious (and why) can occur. We have seen people alerting each other on private channels: "be careful with this email, that's the phishing simulation!". So IT has false data and people are not actually learning much...

Shira allows creating a controlled learning environment where people can learn about the phishing tactics and how to detect those in a controlled setting, with tailored explanations adapted to the org language/level/context :)

We wrote about it here: https://shira.app/phishing-quizzes

We launched it with a beta program some months ago and we have had very good feedback on effectiveness so far!

This is a demo quiz we created, but the idea is that trainers can create their own quizzes with any content and explanations they want: https://quiz.shira.app/