Strengthening Cybersecurity Awareness: The Role of Knowbe4's Automated Phishing Contests in Employee Training


Authors : Prity Choudhary; Shanmuka Garaga; Vikas Jalan; Rahul Choudhary

Volume/Issue : Volume 9 - 2024, Issue 11 - November


Google Scholar : https://tinyurl.com/3e8b3vyx

Scribd : https://tinyurl.com/44cdwecm

DOI : https://doi.org/10.38124/ijisrt/IJISRT24NOV1136



Abstract : Phishing attacks remain one of the most pervasive cybersecurity threats facing organizations today, often resulting in data breaches and significant financial losses due to human error. This study investigates the effectiveness of using automated phishing contests, facilitated through the KnowBe4 platform, to enhance cybersecurity awareness among employees within a small organization. The research was conducted in two phases: an initial phishing simulation, where employees were not forewarned or trained, and targeted cybersecurity training focused on identifying phishing emails. A second phishing contest, after a five-month interval, was used to measure the effectiveness of the training intervention. The data from both challenges were analyzed to measure changes in employee behavior, concentrating on detection rates and response patterns. Results indicated a noticeable improvement in employees' ability to recognize phishing emails after training, though some gaps persisted, particularly with more sophisticated phishing templates. The study also explored which phishing emails were most challenging to detect and examined factors influencing employee engagement in these simulations. These findings highlight the value of structured phishing awareness training in strengthening an organization's cybersecurity defenses and provide actionable insights for designing more effective cybersecurity education programs.

Keywords : Cybersecurity Awareness, Phishing Attacks, Employee Training, KnowBe4, Simulation, Cyber Threat Prevention, Security.


