The Phish Scale: How NIST is quantifying employee phishing risk

With the relatively recent uptick in phishing around the globe (due in part to Covid-19 and other factors), experts at the National Institute of Standards and Technology (NIST) have been working hard to create a new way to quantify phishing risk for organizational employees. This new way is called the Phish Scale. If "phish" and "scale" have you thinking of the messy work of cleaning fish for dinner, this article should leave you with a better-smelling impression of the term.

What is Phish Scale?

Released by NIST in 2020, the Phish Scale is a breath of fresh air in this age of ever-increasing phishing, rather than the aquatic stench the name might suggest. The Phish Scale was created as a method by which CISOs can quantify the phishing risk of their employees. It does so using two metrics, "cues" and "context," which makes the data generated by training simulations more insightful. In essence, it allows organizations to better categorize actual threats (for better detection) and to better determine the effectiveness of their phishing training program.

You may be wondering why this is a significant development — and it is probably more significant than
