Dive Brief:
- Duo Security introduced a free tool Tuesday that allows companies to test their internal vulnerability to phishing scams.
- The tool, called Duo Insight, allows IT teams to quickly run an internal phishing simulation, according to the announcement.
- The first hundred phishing simulations run using the tool found 27% of end users vulnerable to phishing, while 17% of users entered a username and password.
Dive Insight:
Duo says the simulations allow administrators to identify potential security weaknesses and can help them push for stronger enterprise security solutions.
"Unfortunately, many organizations lack the resources to accurately measure the risk of being phished," said Ash Devata, vice president of product at Duo, in the announcement.
In December, anti-phishing company PhishMe said phishing emails pretending to be regular office communications are the most effective, with an average clickthrough rate of 22%.
Atlantic Health System recently conducted its own internal phishing simulation. It circulated an email informing employees that they had received a raise, which they would get simply by replying to the message and providing some additional verification information, according to an NJ.com report. About one-quarter of Atlantic’s 5,000 employees opened the email, and two-thirds of them provided the information requested.
Phishing emails continue to pose a growing threat to the enterprise. The number of phishing emails reached 6.3 million in the first quarter of 2016, a 789% increase over the last quarter of 2015, according to PhishMe.