Mobile ID World

NIST Aims to Raise Cybersecurity Awareness with ‘Phish Scale’

September 21, 2020

In an effort to help organizations better train their employees to be aware of and avoid certain types of cyberattacks, the National Institute of Standards and Technology (NIST) has announced the development of a new method it is referring to as the Phish Scale.

As its name would suggest, the Phish Scale focuses on phishing attacks, a common form of cybercrime in which hackers send emails that can appear to be from someone on a user’s contact list and tempt the recipient to click on a link. The link then leads to a website that could allow dangerous malware to enter an organization’s computer network.

According to estimates in Cybersecurity Ventures’ recent 2020 Official Annual Cybercrime Report, the fallout from global cybercrime will cost organizations $6 trillion annually by 2021, double the $3 trillion cost in 2015.

Though the existence of a phishing training program is not uncommon for an organization, the Phish Scale differs in that it utilizes a rating system to determine the efficacy of the email content, giving Chief Information Security Officers (CISOs) a clearer understanding of more than just the number of times an email was or wasn’t clicked.

“The Phish Scale is intended to help provide a deeper understanding of whether a particular phishing email is harder or easier for a particular target audience to detect,” said NIST researcher Michelle Steves. “The tool can help explain why click rates are high or low.”

A five-point scale is used to rate various elements of the phishing attempt, and an overall score is calculated and then used by a phishing trainer to help rank the exercise into low, medium or high difficulty categories. This gives CISOs more data to work with than simple click rates, which can have several causes and can give a false sense of security if they are analyzed on their own, without a greater understanding of the difficulty of the phishing attempt.

Following years of research in an “operational” setting, the Phish Scale appears ready to provide immediate feedback to CISOs and organizations wishing to curtail what has become one of the most common forms of cybercrime in recent years.

“As soon as you put people into a laboratory setting, they know,” said Steves in a comment on how the Phish Scale was developed. “They’re outside of their regular context, their regular work setting, and their regular work responsibilities [and] that is artificial already.”

Since all of the data used in the Phish Scale study has come from NIST itself, the next steps for the project are to expand it and collect data from other organizations (including private enterprises), and to ensure it is able to adapt over time in order to keep up with the fast-paced landscape of cybercrime.
