Authors :
Prity Choudhary; Shanmuka Garaga; Vikas Jalan; Rahul Choudhary
Volume/Issue :
Volume 9 - 2024, Issue 11 - November
Google Scholar :
https://tinyurl.com/3e8b3vyx
Scribd :
https://tinyurl.com/44cdwecm
DOI :
https://doi.org/10.38124/ijisrt/IJISRT24NOV1136
Abstract :
Phishing attacks remain one of the most pervasive cybersecurity threats facing organizations today, often resulting in data breaches and significant financial losses due to human error. This study investigates the effectiveness of using automated phishing contests, facilitated through the KnowBe4 platform, to enhance cybersecurity awareness among employees within a small organization. The research was conducted in two phases: an initial phishing simulation where employees were not forewarned or trained, and targeted cybersecurity training focused on identifying phishing emails. A second phishing contest, after a five-month interval, was utilized to measure the effectiveness of the training intervention.
The data from both challenges were analyzed to measure changes in employee behavior, concentrating on detection rates and response patterns. Results indicated a noticeable improvement in employees' ability to recognize phishing emails after training, though some gaps persisted, particularly with more sophisticated phishing templates. The study also explored which phishing emails were most challenging to detect and examined factors influencing employee engagement in these simulations. These findings highlight the value of structured phishing awareness training in strengthening an organization's cybersecurity defenses and provide actionable insights for designing more effective cybersecurity education programs.
Keywords :
Cybersecurity Awareness, Phishing Attacks, Employee Training, KnowBe4, Simulation, Cyber Threat Prevention, Security.