loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Jackie Scott ; Yair Levy ; Wei Li and Ajoy Kumar

Affiliation: College of Computing and Engineering, Nova Southeastern University, 3301 College Avenue, Fort Lauderdale, Florida, 33314, U.S.A.

Keyword(s): Phishing, Spear-Phishing, Security Education, Training, and Awareness (SETA), Business Email Compromise (BEC), Red Team, Phishing Campaigns, Phishing Training.

Abstract: Although there have been numerous significant technological advancements in the last several decades, there continues to be a real threat as it pertains to social engineering, especially phishing, spear-phishing, and Business Email Compromise (BEC). While the technologies to protect end-users have gotten better, the ‘human factor’ in cybersecurity is the main penetration surface. These three phishing methods are used by attackers to infiltrate corporate networks and manipulate end-users, especially through business email. Our research study was aimed at assessing several phishing mitigation methods, including phishing training and campaign methods, as well as any human characteristics that enable a successful cyberattack through business email. Following expert panel validation for the experimental procedure, a pilot study with 172 users and then a full study with 552 users were conducted to collect six actual end-users’ negative response actions to phishing campaigns conducted with traditional Commercial-Off-The-Shelf (COTS) product (KnowBe4) and a red team. Users were randomly assigned to three groups: no training; traditional training; and longitudinal customized training with 1,104 data points collected. While the phishing method was significant, our results indicate that current training methods appear to provide little to no added value vs. no training at all. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.227.190.93

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Scott, J.; Levy, Y.; Li, W. and Kumar, A. (2024). Comparing Phishing Training and Campaign Methods for Mitigating Malicious Emails in Organizations. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 643-651. DOI: 10.5220/0012281600003648

@conference{icissp24,
author={Jackie Scott. and Yair Levy. and Wei Li. and Ajoy Kumar.},
title={Comparing Phishing Training and Campaign Methods for Mitigating Malicious Emails in Organizations},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={643-651},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012281600003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - Comparing Phishing Training and Campaign Methods for Mitigating Malicious Emails in Organizations
SN - 978-989-758-683-5
IS - 2184-4356
AU - Scott, J.
AU - Levy, Y.
AU - Li, W.
AU - Kumar, A.
PY - 2024
SP - 643
EP - 651
DO - 10.5220/0012281600003648
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic