Security training vital to promoting anti-phishing behavior, says study

Researchers from the University of Sussex and the University of Auckland, seen here, took a close look at what compels people to click on phishing scams. (possumgirl2, CC BY-SA 2.0 via Wikimedia Commons)

A new academic research article published in the Journal of Computer Information Systems suggests that cybersecurity technology and policies alone cannot adequately address rampant phishing threats. Effective security awareness training must also be part of the equation.


Additionally, the article concludes that negative consequences such as shame and disapproval from fellow employees were among the most effective factors deterring surveyed employees from falling for phishing scams.


The researchers, from the University of Sussex and the University of Auckland, created a theoretical model partially based on previous social-technical research and theories to determine some of the biggest influencers affecting employee response behaviors when a phishing email arrives – including individual, organizational and technological factors.


According to the study, clicking on phishing emails is often a reflexive response done out of habit. Technical tools, security standards and policies can help counteract this problem, but are not enough by themselves to trigger a behavioral change, the paper n ..
