Over the last decade, there has been a substantial rise in the number of phishing attacks that harm organizations and individuals. Organizations are investing heavily in cyber security to minimize the risk of becoming a victim of a cyberattack, such as phishing attacks. Paradoxically, with cyber security budgets of organizations continuously increasing each year, the number of attacks that are successful is also increasing. In this thesis, we investigate how organizations with cyber security become victims of phishing attacks, drawing upon academic literature and empirical data collection. We examine the critical factors for why phishing attacks are effective. We then look into how organizations can reduce the risks of becoming a victim of these attacks. We suggest that current measures used to educate employees on cyber security and phishing emails may lack efficacy, since current training and education often fail to adapt to individual variabilities. This implies the need for more adapted training initiatives to increase the effectiveness of measures and hence reduce the probability of loss events. The other factor that leads to organizations and their employees failing to protect themselves from phishing attacks may be the human proclivity towards making unintentional mistakes. However, we argue that organizations need to be careful about simply blaming human error as the root cause for phishing attacks becoming a larger threat.
| Date of Award | 1 Feb 2022 |
|---|---|
| Original language | English |
| Awarding Institution | Universidade Católica Portuguesa |
| Supervisor | Peter Rajsingh (Supervisor) |
- Cyber security
- Phishing
- Social engineering
- Cyber security training
- Human error
- Mestrado em Gestão e Administração de Empresas
Why phishing attacks remain a threat for organizations with a robust cyber security
Wahl, A. R. (Student). 1 Feb 2022
Student thesis: Master's Thesis