Effectiveness of and user preferences for security awareness training methodologies

Phishing is a primary vector used in cyber-attacks, and current technical measures are not sufficient to reduce their success to an acceptable level. Empowering users to identify phishing emails is crucial; thus, anti-phishing training is essential. We investigate participant phishing susceptibility...

Descripción completa

Detalles Bibliográficos
Autores principales: Tschakert, Kai Florian, Ngamsuriyaroj, Sudsanguan
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Elsevier 2019
Materias:
Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6606995/
https://www.ncbi.nlm.nih.gov/pubmed/31338464
http://dx.doi.org/10.1016/j.heliyon.2019.e02010
Descripción
Sumario:Phishing is a primary vector used in cyber-attacks, and current technical measures are not sufficient to reduce their success to an acceptable level. Empowering users to identify phishing emails is crucial; thus, anti-phishing training is essential. We investigate participant phishing susceptibility in a 2 × 2 mixed factorial design to determine if instructor-led classroom training, in addition to a multiple approach video-, game-, and text-based training package, offers a significant difference in susceptibility reduction compared with the absence of classroom training. The results suggest an insignificant improvement in reducing phishing susceptibility by incorporating classroom training. Furthermore, we observe a significant preference from the participants for one training method (i.e., classroom training) only if a decision for one particular method was required.

Ejemplares similares