Preventative countermeasures against phishing emails can increase the likelihood that employees will fall for such scams, a new academic study shows.
Protective controls such as email proxies, anti-malware and anti-phishing technologies can create a false sense of security: employees lose their vigilance because they mistakenly assume that such measures catch every phishing email before it reaches their inbox, a study co-authored by the University of Sussex Business School reveals.
Shame and fear of peer disapproval were more effective deterrents against clicking on phishing emails, according to the researchers.
To protect themselves from costly phishing scams, companies should put all employees through ongoing security education and training programmes, recommend the experts from the University of Sussex Business School and the University of Auckland.
Phishing scams are responsible for nearly one in three data breaches, and the cost of ransomware to businesses is estimated at over $8 billion worldwide.
Dr. Mona Rashidirad, Senior Lecturer in Strategy and Marketing at the University of Sussex Business School, said, “Security alone does not protect a company from phishing scams. Organizations and individuals invest heavily in security measures to protect the integrity, availability, and confidentiality of information assets. However, our study supports the results of recent studies that these protective measures are insufficient to ensure the ultimate protection of sensitive and confidential information.
“Protective and detective tools use machine learning, anomaly detection, text mining, and profile customization to combat the threat of phishing emails. However, cyber criminals develop these scams in a way that bypasses technological controls and exploits human cognitive biases. Technical countermeasures such as anti-phishing and spam tools, e-mail malware detection and data loss prevention often still require human intervention to analyze and differentiate between phishing and legitimate e-mails.
How to prevent phishing attacks
“To prevent phishing attacks, organizations must have a well-designed ongoing security education and training program in place and enforced that includes phishing simulation drills and embedded training for those at risk.”
After interviewing employees, the researchers developed a theoretical model of the factors that influence users when they click on phishing emails, viewed from a socio-technical perspective, in order to study how employees respond to, or avoid, the threat posed by the fraud.
Using the theory of planned behaviour (TPB), the research team hypothesized that an employee’s intention to click on phishing emails is most influenced by how they expect their response to be judged by managers and peers, by their own assessment of how well they can deal with the threat, and by their personal attitude towards compliance.
The researchers identified a number of individual, organizational, and technological factors that could explain employee non-compliance with email security guidelines and employees’ resulting exposure to phishing attacks.
Susceptibility to phishing scams did not differ significantly by an employee’s age, gender, or education, the study shows.
Employees’ clicking on phishing emails was often an irrational act triggered by habits and automatic behavioural tendencies formed through everyday email use.
The authors found that informing employees about procedural countermeasures, including information-security standards, guidelines and policies, increases security awareness but is in itself insufficient to change how employees behave when they handle phishing emails.
Effective staff training should tell employees not only what security measures their employer has already taken, but also what security risks remain that malicious attackers could exploit, according to the scientists.
Hamidreza Shahbaznezhad, Senior Data Scientist in Industry at the University of Auckland, said: “Although technical countermeasures such as anti-phishing and spam tools, email malware detection and data loss prevention are used to reduce the risk of phishing attacks, detecting phishing attacks remains a challenging problem. This is not least because they often require human intervention to analyze and differentiate between phishing and legitimate emails.”
Farzan Kolini, PhD student at the University of Auckland, said: “Preventive countermeasures such as anti-phishing tools and email proxies play a critical role in detecting phishing emails, as phishing attacks have become more sophisticated in bypassing security countermeasures. As such, employees must take extra care to investigate suspicious emails.”
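The point both researchers make above, that filters still hand the hard cases to a person, is easy to see in the kind of triage logic a mail gateway applies. The following is an added example written for this page, not code from the study or from either university: it scores a raw message on a few header and body signals and routes it to one of three buckets, deliver, review or block, where "review" is exactly the residual that needs human judgement. The organisation domain `corp.example`, the weights, the thresholds and the three sample messages are all constructed assumptions for illustration.

```python
"""
Heuristic inbound-mail triage: score a message on header and body signals and
route it to deliver / review / block.  Added example for this article; ORG_DOMAIN,
the weights, the thresholds and the sample messages are illustrative assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "corp.example"        # assumption: the receiving organisation's domain
REVIEW_THRESHOLD = 3               # assumption: at or above this a person must look
BLOCK_THRESHOLD = 6                # assumption: at or above this, quarantine outright
URGENCY = ("urgent", "immediately", "suspended", "verify your account", "within 24 hours")
ANCHOR = re.compile(r'<a[^>]+href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", re.I)


def _domain(addr: str) -> str:
    """Domain part of an address, lower-cased; '' when there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body(msg) -> str:
    """Concatenate every text/* part of the message as decoded text."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)


def triage(raw: str) -> dict:
    """Score one raw RFC 822 message; returns score, reasons and a verdict."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    from_domain = _domain(sender)
    score, reasons = 0, []

    # 1. Display name invokes our own domain while the address lives elsewhere.
    if ORG_DOMAIN in name.lower() and from_domain != ORG_DOMAIN:
        score += 3
        reasons.append(f"display name claims {ORG_DOMAIN}, sender is {from_domain}")

    # 2. Reply-To points at a domain other than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        score += 2
        reasons.append(f"Reply-To domain {_domain(reply_to)} differs from {from_domain}")

    # 3. The receiving MTA recorded an SPF/DKIM/DMARC failure (RFC 8601 header).
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", msg.get("Authentication-Results", ""), re.I):
        score += 2
        reasons.append("authentication failure recorded by the MTA")

    body = _body(msg)

    # 4. Link text shows one host, the href goes to another.
    for href, text in ANCHOR.findall(body):
        shown = HOSTLIKE.search(re.sub(r"<[^>]+>", "", text))
        actual = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != actual:
            score += 3
            reasons.append(f"link text {shown.group(1)} hides {actual}")

    # 5. Pressure language, capped so it can never block on its own.
    hits = sum(1 for phrase in URGENCY if phrase in body.lower())
    if hits:
        score += min(hits, 2)
        reasons.append(f"{hits} urgency phrase(s)")

    if score >= BLOCK_THRESHOLD:
        verdict = "block"
    elif score >= REVIEW_THRESHOLD:
        verdict = "review"      # the residual a human still has to analyse
    else:
        verdict = "deliver"
    return {"score": score, "reasons": reasons, "verdict": verdict}


# Constructed sample messages (not real traffic).
PHISH = """\
From: "corp.example Payroll" <payroll@corp-example-login.net>
Reply-To: hr.desk@mail-drop.example
To: bob@corp.example
Subject: Action required: payslip hold
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=corp-example-login.net; dmarc=fail header.from=corp-example-login.net
Content-Type: text/html; charset=utf-8

<p>Your payslip has been suspended. Verify your account immediately at
<a href="http://corp-example-login.net/verify">https://corp.example/payroll</a>
to avoid losing access.</p>
"""

LEGIT = """\
From: Alice Chen <alice@corp.example>
To: bob@corp.example
Subject: Notes from the Tuesday sync
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass header.from=corp.example
Content-Type: text/plain; charset=utf-8

Hi Bob, notes are in the shared folder. Ping me if anything is unclear.
"""

AMBIGUOUS = """\
From: Summit Registrations <events@vendor.example>
Reply-To: registrations@vendor-mail.example
To: bob@corp.example
Subject: Confirm your seat
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass header.from=vendor.example
Content-Type: text/html; charset=utf-8

<p>Please confirm your seat within 24 hours:
<a href="https://vendor-mail.example/confirm/8812">Confirm registration</a></p>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT), ("ambiguous", AMBIGUOUS)):
        r = triage(raw)
        print(f"{label:9s} score={r['score']:2d} verdict={r['verdict']:7s} {r['reasons']}")
```

The constructed phish trips every rule and is blocked; the internal note scores zero and is delivered; the vendor mail, which uses a separate sending domain for replies and a deadline, lands at the review threshold. That third message is the case the article is about: the gateway cannot tell a legitimate mailing service from a credential lure, so the decision falls to a trained person, and the training has to cover what the filter does not catch as well as what it does.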
These were the details of the news item “Why employees fall for fraud and what companies can do about...”. The article was originally published at de24.news; the editorial team at AlKhaleej Today confirmed and edited it, and it may have been wholly transferred or quoted from that source, which remains the primary reference.