Microsoft Tech Community
Test your team’s security readiness with the Gone Phishing Tournament
Published Sep 25 2023 11:19 AM


74% of breaches involve the human element. Let's face it—technology alone isn't sufficient in the relentless fight against cyber-attacks.

With AI technology like LLMs becoming more ubiquitous, phishing attacks are getting more sophisticated and cyber-attackers are homing in on the easiest targets: the users.

From nation-states to basement-dwelling hackers, the strategy is simple yet effective: exploit human behavior to find a way in, then sit back as the defenses fall like dominoes.

Luckily, with all this going on, you don't have to stand still.

You can turn potential victims in your organization into your first line of defense.


The Human Element as an Opportunity

Despite substantial investments in technical solutions to thwart phishing attempts, relying solely on technology is not a foolproof strategy. Here's why:

  • Technological limitations: While automated prevention and detection features can serve as a robust line of defense against cyber threats, their efficacy can be undermined by social engineering tactics aimed at exploiting human vulnerabilities. Attackers are adept at evolving their strategies, often bypassing the technical capabilities of security solutions. Therefore, to be proactive about potential breaches, a balanced focus that includes building an effective response with end-user resilience is crucial.
  • The human element: Employees are the heartbeat of your organization, intricately involved in data creation and management. The inherent vulnerability of human behavior presents a lucrative opportunity for attackers, who frequently use social engineering tactics to exploit this weakness.
  • Complexity of human behavior: Predicting human behavior, particularly concerning risk, is a complex undertaking. Numerous variables influence decisions, and attackers are well aware that these factors fluctuate, offering them varied opportunities for successful phishing attempts.


Gone Phishing Tournament 2023

Recognizing these challenges, Microsoft has partnered with Fortra's Terranova Security to create the Gone Phishing Tournament 2023, which runs from October 9-27. It is an annual online phishing initiative that uses real-world simulations to establish accurate phishing clickthrough rates and additional benchmarking statistics for user behaviors.

The phishing test is different every year. In the 2022 tournament, Microsoft provided email and webpage templates that imitate a real-world scenario that the end-users are familiar with—a gift card. The email was sent to 1.2 million users, making it one of the largest phishing simulations of its kind.

Globally, of those who clicked on the phishing simulation email link, 44% completed the web form on the webpage with their personal information. Of course, after they submitted the form, they were brought to a phishing simulation feedback page highlighting the warning signs they missed on the spoofed landing page.

Had the simulation been a real attack, their personal data and their organization's data would have been compromised.

This endeavor aims to raise awareness and foster a robust security-conscious organizational culture, underpinned by comprehensive phishing simulation benchmarking data.


Why Protecting Your Organization Against Cyber-Attacks is a Collaborative Effort

Behavioral shifts can dramatically reduce risk levels and save millions. Although changing behavior is a challenging endeavor, modern solutions are spearheading a significant industry transformation. Here are some strategies to consider:

  • Actionable metrics: It's been said time and again—you can't improve what you don't measure. Phish susceptibility assessment is a core part of any security awareness program, and we think authentic simulation is the best way to measure real-world phishing risk behavior.
  • Learning by doing: Teaching is more than just telling. One of the reasons effective security awareness programs focus so much on simulation is that it gives users the experience of an attack—safely. Doing something hands-on and experiencing it directly sticks in human brains much more effectively than just seeing or hearing a description of it.
  • Keeping users engaged: Life in organizations already includes a lot of formal learning, so you must find new, differentiated, and contextual ways to engage your people in learning experiences. Games, nudges, and social rewards systems educate without lecturing and bring an element of fun that helps the important messages stick.
  • Personalized learning: Everybody is at a different place in their journey. Look for solutions that allow you to differentiate learning based on what the user already knows, or what you think is going to be especially problematic for them.

Gone are the days of predictable, bi-annual security training sessions. Welcome to the era of dynamic, adaptive learning experiences.

Say hello to real-time simulations that pivot with emerging threats, and training modules that adapt to suit different roles and schedules within your team, fostering a proactive culture of security awareness.


See Where You Stand: Join the Gone Phishing Tournament

In the face of relentless cyber threats, a proactive stance is our strongest defense. This isn't just another awareness campaign—it's a call to action. The Terranova Security Gone Phishing Tournament offers a real-world simulation, a litmus test to gauge how well your employees can withstand phishing attempts.

This October, don't just share knowledge—put it to the test. Equip your team with the insights and experience to identify and counteract phishing attempts effectively. And at the end, benchmark your results against peers, gaining critical insights to shape your future strategies.

Join us in not only embracing but embodying the #BeCyberSmart initiative. It's time to transition from awareness to action.


Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


Last update: Sep 25 2023 11:18 AM