How to build an effective organizational awareness of Phishing attacks?

Doron Hillman, MSc student at the Department of Industrial Engineering in TAU

26 May 2022, 12:00 PM, Room 206& via zoom

Abstract:
Employees frequently fall victim to Phishing attacks, putting themselves and their organizations at risk. As a response, organizations today invest time, resources, and their employees’ efforts into training and recognizing simulating Phishing attacks. However, the effectiveness of these efforts in real-world enterprise organizations is still widely unknown. To close this gap, we conducted a controlled experiment in an Israeli financial institution with about 5000 employees, including three Phishing simulation emails, and investigated how various variables affect the Phishing click-through rate (CTR). Our results indicate that employees are more likely to click on personal-phrasing Phishing simulation emails, and organizations should promote skills that increase their employees’ capability to choose (boosting) rather than providing persuasive information (nudging). Furthermore, organizations should focus less on the timing of awareness activities and more on tailoring them to different departments. This can be used to offer guidelines to Chief Information Security Officers (CISOs) on how to build effective Phishing organizational awareness to prevent Phishing attacks.
 

Bio:
Doron Hillman is an MSc student at the Department of Industrial Engineering at Tel Aviv University, specializing in Data Science. Doron holds a BSc degree in Industrial Engineering, specializing in information systems, from Ben-Gurion University. In the past few years, Doron has been leading cyber-security products from a technical and analytical perspective. His research focuses on organizational cyber-security awareness to prevent Phishing attacks. This work was conducted under the supervision of Prof. Eran Toch collaborated with Dr. Yaniv Harel.