Evaluation of the effectiveness of the program for phishing attack simulation and training of employees of organizations based on statistical analysis
Keywords:
phishing simulation, cybersecurity culture, statistical analysis, employee training, Pearson correlationAbstract
Phishing (theft of information using fake messages) is one of the most common cybersecurity threats that exploits human rather than technical errors. This study analyzes the ways of forming a cybersecurity culture in organizations and its effectiveness by simulating phishing attacks. The effectiveness of employee training is assessed using mathematical methods based on the latest statistical data and research. The results show that regular and positive phishing simulations increase employee awareness and form a responsible approach to cybersecurity
References
1. Bullee, J. W., Montoya, L., Junger, M., & Hartel, P. (2018). On the effectiveness of phishing awareness training: A comparative evaluation of different training methods.
DOI: 10.1093/cybsec/tyy003
2. Kumaraguru, P., Rhee, Y., Sheng, S., Hasan, S., Acquisti, A., Cranor, L. F., & Hong, J. (2007). Getting Users to Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer.
DOI: 10.1145/1299015.1299019
3. Abu-Nimeh, S., Nappa, D., Wang, X., & Nair, S. (2007). A comparison of machine learning techniques for phishing detection. DOI: 10.1145/1299015.1299021
4. Parsons, K., McCormac, A., Pattinson, M., Butavicius, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). DOI: 10.1016/j.cose.2013.12.003
5. Alotaibi, S., & Furnell, S. (2020). A study of the effectiveness of cybersecurity awareness campaigns.
DOI: 10.1108/ICS-07-2019-0082
6. Wash, R., & Cooper, M. M. (2018). Who provides phishing training? Facts, stories, and people like me. DOI: 10.1145/3173574.3174174
7. Anti-Phishing Working Group. (2024). Phishing Activity Trends Report – Q4 2024. apwg.org
8. KnowBe4. (2024). Data Confirms the Value of Security Awareness Training. knowbe4.com
9. Microminder. (2024). Effectiveness of Security Awareness Training. micromindercs.com
