Human Firewall Analysis: Assessing Phishing and Malware Awareness Among IT and Non-IT Professionals


Authors : Suraj Sunil Shirale

Volume/Issue : Volume 10 - 2025, Issue 11 - November


Google Scholar : https://tinyurl.com/59v69jtw

Scribd : https://tinyurl.com/2s35vu72

DOI : https://doi.org/10.38124/ijisrt/25nov1387



Abstract : This study examines the concept of the “human firewall” as a defence against phishing and malware and contrasts the awareness levels of IT and non-IT corporate employees. Data was obtained through a questionnaire that covered past experiences with phishing, confidence in recognizing suspicious messages, previous training received, and perceptions of why certain groups are targeted more frequently. The results show clear differences between the two groups. IT employees were more confident that they could recognize phishing attempts, primarily because the majority had received formal training in cybersecurity from the organization. Conversely, non-IT staff reported little or no training, which led to lower confidence and the belief that limited awareness made them easier targets. Nonetheless, both groups saw the value of training and agreed that employees could serve as a human firewall. The findings suggest that even though IT staff are better prepared, non-IT employees are still at considerable risk. Structured awareness and training initiatives should be expanded to all organizations, in all departments, not just the technical teams, to help reduce the risk of phishing and malware.

Keywords : Human Firewall, Phishing Awareness, Malware, IT vs Non-IT Workforce, Cybersecurity Training, Social Engineering.

