Abstract
Phishing is a serious threat to Internet users and has become a vehicle for cybercriminals to perpetrate large-scale crimes worldwide. A wide range of technical and educational measures have been developed and used to address phishing threats. However, technical anti-phishing measures have been widely studied in the current literature, whereas comprehensive analysis of non-technical anti-phishing techniques has generally been ignored. To close this gap, we develop a new taxonomy of the most common cybersecurity training delivery methods and compare them along various factors. The work reported in this paper is useful for various stakeholders. For organizations conducting or considering phishing training, it helps them understand the capabilities of the various awareness training and phishing campaigns and design an appropriate program with a meaningful return. For researchers, it offers a clearer understanding of the main challenges, the existing solution space, and the potential scope of future research to be addressed.
Highlights
Internet technology, coupled with advances in mobile devices such as smartphones, has enabled everyday people to learn, work, purchase, entertain, connect, and network from anywhere and at any time
This paper provides a new taxonomy of the most common cybersecurity training delivery methods developed to train the workforce to protect themselves from phishing threats
Since phishing attacks are only effective if they are acted upon by end users, in addition to ensuring that technical countermeasures such as email filters are configured to prevent phishing messages from getting into employees' inboxes, equipping employees with the skills necessary to protect themselves and their organization against phishing threats is a key part of a robust cybersecurity program
Summary
Internet technology, coupled with advances in mobile devices such as smartphones, has enabled everyday people to learn, work, purchase, entertain, connect, and network from anywhere and at any time. Although automated anti-phishing solutions are a powerful defence, phishing attacks remain a significant threat to individuals and businesses, currently accounting for more than 80% of reported security incidents [24]. It takes 32 days on average for technical countermeasures to detect and mitigate phishing attacks [42]. We will survey and critically analyse a variety of phishing awareness delivery methods based on the taxonomy we developed, with emphasis on which delivery methods are effective in increasing people's ability to detect and mitigate phishing threats. This provides useful information that will enable organisations to explore various alternatives when conducting workforce security awareness training.
More From: International Journal of Advanced Computer Science and Applications