NIST Introduces Phish Scale Phishing Detection Method

The National Institute of Standards and Technology (NIST) has unveiled the Phish Scale, a phishing detection method designed to help organizations analyze their susceptibility to phishing attacks.

Organizations can use the Phish Scale to rate message content in a phishing email, according to NIST. They can rate cues that should tip off recipients about the legitimacy of an email and identify any tactics that cybercriminals can use to phish recipients.

How Does the Phish Scale Work?

The Phish Scale uses two rating systems: one that focuses on observable characteristics of a phishing email and another that scores the alignment of a phishing email's premise relative to its target audience, NIST indicated. In doing so, the Phish Scale enables organizations to evaluate the number and nature of cues that indicate an email may be malicious and assess their susceptibility to various phishing attack methods.

In addition, the Phish Scale helps organizations understand click-rate data associated with phishing emails, NIST said. It can be used in combination with phishing training programs to provide organizations with security insights that they can use to find out which types of phishing attacks present the greatest risks to their employees.
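The two rating systems described above, and the click-rate analysis they feed, can be sketched in code. The following is an added example written for this article; it is not NIST's implementation and does not reproduce the published Phish Scale values. The cue detectors, the cue-count bands, the premise-alignment scale and bands, the difficulty matrix, and the three simulated campaigns (senders, bodies, domains, counts) are all constructed assumptions for illustration; anyone applying the method should substitute the categories and thresholds from the NIST publication.

```python
"""Phish Scale-style rating of simulated phishing emails plus click-rate analysis.

Added example, not NIST's code. Every detector rule, band threshold and matrix
entry below is an illustrative assumption, not the published Phish Scale.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# --- Rating system 1: observable cues in the message (assumed rules) ---------
URGENCY_WORDS = ("immediately", "urgent", "within 24 hours", "suspended", "final notice")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear employee", "valued member")
COMMON_MISSPELLINGS = ("recieve", "acount", "verifiy", "informations")
LINK_RE = re.compile(r"\[([^\]]+)\]\((https?://[^)]+)\)")  # markdown-style [text](url)
RAW_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def count_cues(body: str, sender: str, claimed_org: str) -> dict[str, int]:
    """Count cues per category: language/content, technical indicators, errors."""
    text = body.lower()
    cues: dict[str, int] = defaultdict(int)
    # Language and content cues
    cues["urgency"] += sum(1 for w in URGENCY_WORDS if w in text)
    cues["generic_greeting"] += int(text.lstrip().startswith(GENERIC_GREETINGS))
    # Technical indicator: sender domain does not name the organisation the mail claims to be from
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if claimed_org.lower() not in sender_domain:
        cues["sender_mismatch"] += 1
    # Technical indicator: link target host does not name the organisation, or is a bare IP
    for _visible, href in LINK_RE.findall(body):
        host = re.sub(r"^https?://", "", href).split("/")[0].lower()
        if claimed_org.lower() not in host:
            cues["link_mismatch"] += 1
        if RAW_IP_RE.match(host):
            cues["raw_ip_link"] += 1
    # Errors
    cues["spelling"] += sum(1 for w in COMMON_MISSPELLINGS if w in text)
    return dict(cues)


def cue_band(total: int) -> str:
    """Assumed bands; the published scale uses wider bands and more categories."""
    return "few" if total <= 3 else "some" if total <= 6 else "many"


# --- Rating system 2: premise alignment with the target audience ------------
def alignment_band(score: int) -> str:
    """Analyst-assigned 0-10 alignment total (assumed scale) mapped to a band."""
    return "low" if score < 4 else "medium" if score <= 6 else "high"


# Assumed matrix: fewer cues and a better-aligned premise are harder to detect.
DIFFICULTY = {
    ("few", "high"): "very difficult", ("few", "medium"): "very difficult",
    ("few", "low"): "moderately difficult", ("some", "high"): "very difficult",
    ("some", "medium"): "moderately difficult", ("some", "low"): "least difficult",
    ("many", "high"): "moderately difficult", ("many", "medium"): "least difficult",
    ("many", "low"): "least difficult",
}


@dataclass
class Campaign:
    name: str
    sender: str
    claimed_org: str
    body: str
    premise_alignment: int  # analyst-assigned, assumed 0-10 scale
    sent: int
    clicked: int


def rate(c: Campaign) -> str:
    """Combine the two rating systems into a detection-difficulty rating."""
    total = sum(count_cues(c.body, c.sender, c.claimed_org).values())
    return DIFFICULTY[(cue_band(total), alignment_band(c.premise_alignment))]


def click_rate_by_difficulty(campaigns: list[Campaign]) -> dict[str, float]:
    """Aggregate simulated-campaign click rates by difficulty band."""
    sent, clicked = defaultdict(int), defaultdict(int)
    for c in campaigns:
        band = rate(c)
        sent[band] += c.sent
        clicked[band] += c.clicked
    return {band: round(clicked[band] / sent[band], 3) for band in sent}


# Constructed sample campaigns; domains use reserved .example names.
CAMPAIGNS = [
    Campaign("payroll", "hr@payroll-update.example", "acme",
             "Dear employee, your acount will be suspended within 24 hours unless you "
             "verifiy your details immediately at [Acme HR portal](http://198.51.100.23/login).",
             premise_alignment=3, sent=200, clicked=40),
    Campaign("it-ticket", "servicedesk@acme.example", "acme",
             "Hi Sam,\n\nTicket INC-4471 about your VPN certificate renewal is ready for review: "
             "[View ticket](https://acme-servicedesk.example/tickets/4471)\n\nThanks,\nIT Service Desk",
             premise_alignment=9, sent=200, clicked=62),
    Campaign("invoice", "accounts@acme-billing.example", "acme",
             "Dear customer, please find attached the invoice for Q3. Urgent: payment is due. "
             "[Download invoice](https://files-share.example/inv/883)",
             premise_alignment=2, sent=200, clicked=30),
]

if __name__ == "__main__":
    for c in CAMPAIGNS:
        print(f"{c.name:10s} {rate(c)}")
    print(click_rate_by_difficulty(CAMPAIGNS))
```

Run as a script, the block rates the three campaigns and shows that the well-aligned, low-cue "it-ticket" lure drew the highest click rate, which is the kind of comparison the article says the scale is meant to support: a raw click rate means little until it is read against how hard the lure was to detect.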

How to Combat Phishing Attacks

Along with using the Phish Scale to evaluate phishing attack risks, there are many things that organizations can do to combat phishing attacks, such as:

  • Conduct security awareness training to teach employees about phishing attacks.
  • Keep software and systems up to date and patch them regularly.
  • Deploy an end-to-end strategy to guard against phishing attacks and other cyber threats.

Approximately 55 percent of global organizations experienced at least one phishing attack in 2019, according to the "State of Phish" report from cybersecurity services and training provider Proofpoint. Meanwhile, MSSPs are increasingly offering automated security awareness training and other security tools to help organizations quickly detect and address phishing attacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.