Cyber Security Awareness Training and Improving Anti-Phishing Behavior
Orhan Sari
An academic research paper published in the Journal of Computer Information Systems argues that cyber security technologies and policies alone cannot sufficiently protect people against prevalent phishing threats, and that an adequate security awareness training program must also be part of these measures. Moreover, it suggests that criticism from fellow staff remains among the most effective factors preventing the studied employees from falling for phishing attacks.
Other researchers have also demonstrated that clicking on a phishing link within an email is a reflexive response that occurs due to habit. See our Cybersecurity and Neuroscience whitepaper to see how habits affect our anti-phishing behavior.
Technical measures, tools, and security procedures and policies can help you fight cyber attacks; however, without a behavioral change, the risk will always prevail. That is why the research from the University of Sussex and the University of Auckland advises that organizations should run a special security awareness training program that forces employees to implement the best security practices.
As American author Annie Dillard famously said: “How we spend our days is, of course, how we spend our lives.” In other words, habits aren’t just the things we do. Eventually, they become who we are. Consider what you’ve learned about someone if you know they have a habit of holding doors open for people and donating to charity: This is a person who cares about the well-being of others. While it may be less intuitively obvious, our cybersecurity behavior is also inextricably linked to important elements of our identity. If you’re someone who clicks on malicious links or readily provides company information to dubious people, it reveals carelessness and gullibility. On the other hand, if you’re scrupulous about your online activity and refuse to give hackers a foothold, you demonstrate that you’re responsible, well-informed, and trustworthy. These three elements – memory, habits, and identity – are the keys to developing a culture of security. Let’s take a closer look at each one.
The biggest cybersecurity vulnerability companies face is their employees. This is because hackers often use social engineering techniques that capitalize on employee negligence and ignorance to infiltrate organizations. As the FBI’s 2018 Internet Crime Report demonstrates, the most destructive forms of hacking (such as business email compromise, or BEC) rely on the manipulation of human beings to gain access to sensitive information, wire funds to fraudulent accounts, and defraud companies in various other ways.