Why phishing attacks remain a threat for organizations with a robust cyber security

Bibliographic details
Main author: Wahl, Axel Rynjus
Publication date: 2022
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10400.14/38324
Abstract: Over the last decade, there has been a substantial rise in the number of phishing attacks that harm organizations and individuals. Organizations are investing heavily in cyber security to minimize the risk of becoming a victim of a cyberattack, such as phishing attacks. Paradoxically, with cyber security budgets of organizations continuously increasing each year, the number of attacks that are successful is also increasing. In this thesis, we investigate how organizations with cyber security become victims of phishing attacks, drawing upon academic literature and empirical data collection. We examine the critical factors for why phishing attacks are effective. We then look into how organizations can reduce the risks of becoming a victim of these attacks. We suggest that current measures used to educate employees on cyber security and phishing emails may lack efficacy, since current training and education often fail to adapt to individual variabilities. This implies the need for more adapted training initiatives to increase the effectiveness of measures and hence reduce the probability of loss events. The other factor that leads to organizations and their employees failing to protect themselves from phishing attacks may be the human proclivity towards making unintentional mistakes. However, we argue that organizations need to be careful simply to blame human error as the root cause for phishing attacks becoming a larger threat.
id RCAP_a9b0040a5a7bc4d824ffa462a041f921
oai_identifier_str oai:repositorio.ucp.pt:10400.14/38324
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
dc.contributor.none.fl_str_mv Rajsingh, Peter
Veritati - Repositório Institucional da Universidade Católica Portuguesa
dc.contributor.author.fl_str_mv Wahl, Axel Rynjus
dc.subject.por.fl_str_mv Cyber security
Phishing
Social engineering
Cyber security training
Human error
Domínio/Área Científica::Ciências Sociais::Economia e Gestão
dc.date.none.fl_str_mv 2022-07-21T10:17:55Z
2022-02-01
2022-01
2022-02-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.14/38324
TID:202965180
dc.language.iso.fl_str_mv eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP