Anyone monitoring the news will have seen stories about the barrage of cyber threats facing Australian organisations. The Australian Signals Directorate’s (ASD) 2023–24 Annual Cyber Threat Report paints a detailed picture, reinforcing the critical need for robust security awareness and effective phishing training, that is, managing human risk: the very foundation of what we champion here at Phriendly Phishing.
The ASD report states that, once again, phishing remains a cornerstone for malicious actors, acting as the initial point of compromise in organisations. Alarmingly, phishing was the leading cause of cyber security incidents affecting Australian critical infrastructure, accounting for 23% of all such incidents. This highlights that even organisations with significant resources are susceptible to well-crafted phishing attacks, underscoring the human element as a persistent vulnerability.
What really stands out is the continued and evolving effectiveness of social engineering tactics. While we often focus on technical vulnerabilities, these reports consistently show that exploiting human psychology through methods like phishing and its variations remains a highly successful attack vector.

For organisations, the statistics are equally concerning. Business Email Compromise (BEC), often stemming from successful phishing attempts, was the top self-reported cyber crime type, accounting for 20% of reports. The financial impact is sobering, with BEC fraud resulting in almost $84 million in self-reported losses. Each successful BEC incident cost businesses an average of over $55,000. These figures highlight the tangible financial risks that effective phishing awareness training and human risk management aim to mitigate.

The threat landscape is evolving, with cyber criminals leveraging GenAI technologies to enhance their phishing campaigns. The ASD report warns of the rise of AI-enhanced social engineering, enabling more targeted and convincing spear phishing attacks, including voice imitation and, potentially, deepfakes. The increasing adoption of QR codes has opened the door to “quishing”, with ASD responding to 30 such incidents in the past year. These techniques bypass traditional technical controls and target human reasoning, further emphasising the importance of an empowered and vigilant workforce: your organisation’s first line of defence.
It’s crucial to understand that phishing often serves as a gateway to more severe cyber incidents. The ASD report reveals that compromised accounts, frequently a result of successful phishing, were involved in 60% of cyber security incidents notified to the OAIC. These compromised credentials can then be used for credential stuffing attacks, leading to further breaches and data theft.
The ASD’s recommendations to combat these threats directly align with Phriendly Phishing’s core mission. They emphasise the need to train staff to recognise phishing attempts, implement multi-factor authentication (MFA), and maintain a strong culture of cyber security awareness.
Phriendly Phishing empowers your people to be that strong first line of defence. Our Australian-designed and digitally delivered platform provides engaging and relevant security awareness training coupled with realistic phishing simulations. By equipping your teams with the skills to identify and report suspicious emails, you can significantly reduce the likelihood of data spills and phishing fallout. Our platform’s ability to track your ROI through comprehensive analytics demonstrates the tangible improvements in your organisation’s security posture.
Phishing awareness training is most effective when delivered alongside simulated phishing exercises that expose learners to realistic attack scenarios. This combination of training and interactivity not only builds "muscle memory" but also helps organisations measure behavioural change over time. Incorporating phishing simulations into an ongoing cyber security awareness strategy ensures that training translates into action, reinforcing vigilance and reducing susceptibility to threats.
These initiatives should form part of any organisation’s broader approach to human risk management and security behaviour change programs.