Google Guru Roasts Useless Phishing Tests, Calls For Fire Drill-Style Overhaul
The Register, Thursday, May 23rd, 2024
Current approaches aren't working and demonize security teams
A Google security bigwig has had enough of federally mandated phishing tests, saying they make colleagues hate IT teams for no added benefit.
Matt Linton leads Google's security response and incident management division. Tasked with rolling out phishing exercises every year, he believes tests should be replaced by the cybersecurity equivalent of a fire drill.
Today's phishing tests more closely resemble the fire drills of the early days, which were more like fire evacuation drills: sprung upon a building's residents with no warning, with the residents later blamed as individuals for their failures.