Guidelines for a job role-based approach on phishing awareness in an organisation

Abstract

Phishing attacks have become a perpetual threat to organisations and internet users in general. Phishing websites and emails impersonating well known entities are launched frequently, with the intention of tricking unsuspecting employees to give out sensitive information, such as their login details in order to acquire access to corporate networks. Various solutions have been developed to combat phishing. However, security experts and phishing attackers are in a race because phishing attacks are becoming increasingly refined - as new solutions are developed. Reports have indicated that phishing attacks now target certain job roles, such finance, rather than other job roles, such as information technology. Therefore, it may be argued that the employees in an organisation may be more susceptible to phishing attacks, on account of their job role. A critical analysis of previous phishing studies was conducted, using the conscious competence learning matrix. To address the identified problem, as well as the analysis of the two studies conducted, this paper discusses proposed guidelines for advancing employees within an organisation from a state of unconscious incompetence where they do not know of the existence of phishing and their incompetence, to state of unconscious competence relative to their job roles.