SWOT Approach to Security Awareness Training
What are the strengths, weaknesses, opportunities, and threats to a security awareness training program?
Although there is value in onsite social engineering, for the money offsite social engineering, such as that provided by PhishingBox is much more cost effective. Only in rare circumstances, will attackers attempt anything that require their physical presence. As such, most organizations do not need onsite testing.
According to a recent study commissioned by Check Point Software Technologies Ltd, forty-seven (47) percent of social engineering attacks are via phishing. (The Risks of Social Engineering on Information Security: A survey of IT Professionals)