| ▲ | thaumasiotes 2 months ago | |
When I was at NCC Group, we had a policy about phishing in penetration tests. The policy was "we'll do it if the customer asks for it, but we don't recommend it, because the success rate is 100%". | ||
| ▲ | bluefirebrand 2 months ago | parent [-] | |
How can you ever get that lower than 100% if you don't do the test to identify which employees need to be trained / monitored because they fall for phishing? | ||