"The Phish Scale: NIST’s New Tool Helps IT Staff See Why Users Click on Fraudulent Emails"
Researchers at the National Institute of Standards and Technology (NIST) developed a new tool called the "Phish Scale." The tool is intended to help organizations improve employee training so that staff are less likely to fall victim to phishing attacks. According to estimates from the 2020 Official Annual Cybercrime Report by Cybersecurity Ventures, global cybercrime damages will cost $6 trillion annually by 2021, doubling the estimated cost from 2015. Phishing remains one of the most common types of cybercrime. The Phish Scale uses a rating system to help Chief Information Security Officers (CISOs) understand whether a particular phishing training email is easier or harder for a specific target audience to detect. CISOs can use the tool to better understand why their organization's phishing email click rates are high or low. This article continues to discuss the goal, structure, and development of the Phish Scale.