THE ROLE OF CYBERSECURITY AWARENESS TRAINING TO PREVENT PHISHING

UDC: 004.49.056

Authors

  • Hristijan Miceski Ministry of Defense
  • Dimitar Bogatinov Military Academy General Mihailo Apostolski, Skopje

Keywords:

phishing, cybersecurity, awareness, training

Abstract

Phishing remains one of the most common cyber threats today, with email being the primary attack vector. Cybersecurity awareness training plays a critical role in strengthening an organization's defence against persistent threats. This research paper examines the impact of cybersecurity awareness training on employees’ “online” behavior. The analysis utilizes results from earlier research to evaluate baseline cyber hygiene and assess how training impacts employees’ ability to recognize and respond to phishing threats. Following the results, a comprehensive cybersecurity awareness training program was implemented, focusing on recognizing and reporting phishing emails, safe browsing practices, and maintaining strong passwords. The results indicate a significant improvement in the organization's cyber hygiene post-training. The data reveals a substantial decrease in the number of employees falling victim to phishing attempts, alongside a notable increase in the reporting of phishing emails to the IT department. These findings suggest that the training not only enhanced employees' ability to recognize phishing attempts but also encouraged them to stay alert and report suspicious activities. Furthermore, this study underscores the importance of continuous training and periodic phishing simulations to sustain high levels of cybersecurity awareness. Regular training programs equip employees with the necessary skills to identify and respond to cyber threats, ultimately creating a more secure and resilient digital environment.

Published

2025-10-27

How to Cite

THE ROLE OF CYBERSECURITY AWARENESS TRAINING TO PREVENT PHISHING: UDC: 004.49.056. (2025). ETIMA, 3(1), 304-310. https://js.ugd.edu.mk/index.php/etima/article/view/7504