A Comparative Study of Cybersecurity Awareness on Phishing Among Employees from Different Departments in an Organization

Abstract

Cybersecurity is an important issue for people who usually use the Internet for their purposes (e.g., ecommerce) in this era of the COVID-19 pandemic. For cyberthreats, phishing, which can be sent via email, can harm information systems in the organization. However, the risks from this kind of threats can be reduced if the employees have cybersecurity awareness. To prove this hypothesis with Thai employees, this paper presents a comparative study of cybersecurity awareness enhancement associated with the employees who work in different departments within the same organization in Bangkok, Thailand. In this study, the first phishing attack simulation was conducted before providing knowledge and training in cybersecurity to the employees and attacking with the second simulation. After result collection and analysis, it has been found that there are significant differences in cybersecurity awareness level between Thai employees from technology-based departments (e.g., IT department) and social-based departments (e.g., HR department) within the same organization. Of course, the technology-based employees are the better. Furthermore, it has been found that the cybersecurity awareness level of Thai employees from the social-based department, which were poor when compared to the other one, was improved obviously after they were involved with the cybersecurity awareness enhancement processes.