This is an old revision of the document!
Risk Assessment
Instead of showing only raw data about how many users have been successfully phished, we can additionally provide a risk assessment methodology in LUCY, that shows the exposure to certain threats. We can classify different types of threats/Likelihoods such as
- Technical threats (e.g. unsecured windows PC, unsecure browser etc.),
- Internal threat (e.g. uneducated user who clicks on certain content) and
- Externals threats through hackers (latest trends in attacks, e.g. exploiting a specific browser vulnerability).
In LUCY 4.0 we implemented only a part of the 2nd analysis step and in the coming releases, this feature will be improved.
Using the risk assessment in LUCY
Select a new campaign and choose "risk assessment":
Select your company size and industry type. Then you will be presented a recommended set of attack templates:
Please try to use a variation of different attack types (hyperlink, web based & file based) to get a better understanding, how your employees react to different threats. You will find the risk specific threats within the campaign statistics under "risk assessment".