Exploring Historical and Emerging Phishing Techniques and Mitigating the Associated Security Risks
This work tackles the issue of reducing security risks from phishing for organizations, but it appears incremental as it builds on existing training approaches without introducing major innovations.
The paper addresses the problem of ineffective information assurance training against social engineering attacks like phishing, proposing methods to make training more engaging and memorable to improve knowledge retention.
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce the risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risks.