We identified 17-24 unique awareness topics related to user behavior, dependent on the organization's industry sector. Focusing your efforts on a single attack vector leaves your organization wide open to other attack vectors. Admittedly, the simulations are used specifically because they do create metrics, which is incredibly valuable. However, they should not constitute the entire awareness program.
Most security awareness programs are doomed from the start, but it doesn't have to be that way. You can implement the successful habits that we previously identified, but you first have to remove any impediments to success. By setting the proper foundation, you will be able to implement a program that has a true return on investment and mitigates what is described as the top vulnerability exploited by advanced attacks.
Sign up for CIO Asia eNewsletters.