Project 5 - Garima Pradhan (1)
Date
Dec 6, 2023
University of Maryland Global Campus
WRTG 393 Advanced Technical Writing
2023
Writing Assignment #5
Briefing Paper
Garima Pradhan
Executive Summary
Phishing poses a significant threat to both individuals and organizations, as
cybercriminals continuously evolve their techniques to deceive people into divulging sensitive
information. Recently, there has been a notable rise in the use of social engineering tactics, where
attackers exploit trust in reputable brands and organizations to manipulate individuals into
disclosing personal information.
Addressing phishing is a formidable task due to the vast array and ever-evolving nature
of these attacks. Attackers persistently adapt their strategies, employing various methods to
bypass security measures and mislead users. They may employ fabricated websites, deceptive
emails, or phone calls to entice individuals into providing login credentials or other confidential
details. In certain instances, they may even impersonate trusted entities like colleagues,
government agencies, or financial institutions to lend an air of legitimacy to their schemes.
Furthermore, individuals are frequently preoccupied and distracted in their daily lives,
rendering them susceptible to social engineering tactics. For instance, when pressed for time or
faced with seemingly urgent or crucial emails, people are more prone to clicking on links without
thorough scrutiny. Additionally, many individuals may not fully comprehend the risks associated
with phishing, potentially neglecting precautions to safeguard themselves.
To mitigate the risk of falling victim to phishing scams, organizations must prioritize
awareness and provide comprehensive training to their employees on how to recognize and
thwart such attacks. This involves furnishing resources and practical guidance on how to respond
effectively to phishing emails and other deceptive tactics.
The Problem
The importance of phishing training cannot be overstated, as it plays a crucial role in
educating users on how to steer clear of falling prey to scams. Nevertheless, the prevailing
approach to phishing training frequently overlooks the diverse learning styles, levels of
knowledge, and behavioral tendencies unique to each user. This oversight can lead to
ineffectiveness for certain users, potentially fostering a misguided confidence and heightening
the risk of falling victim to phishing attacks. Image 5.1 below illustrates the stark increase in such
incidents from 2019 onward.
Image 5.1: The amount of malware and phishing sites throughout the years
(source: Google Safe Browsing)
One significant challenge with existing phishing training is its rigidity and lack of
adaptability. It often offers generic information that may not cater to the unique needs and
situations of individual users. Consider, for instance, varying levels of technological proficiency
among users or different job responsibilities necessitating distinct approaches to handling
sensitive information. To truly make an impact, phishing training should acknowledge and
address these disparities by offering personalized information and tailored guidance.
Furthermore, recent research findings have overturned previous assumptions, indicating that
younger individuals are more susceptible to these schemes than previously thought.
Image 5.2: Probability of users falling for phishing schemes
(Source: ETH Zurich, Dept of Computer Science)
Moreover, a significant issue with many current training programs lies in their passive
delivery methods, such as online modules or videos, which may fail to fully engage users and
provide ample opportunities for practice and feedback. This observation aligns with a
comprehensive study highlighted in TechRepublic, which noted, "A new study at unprecedented
scale revealed that embedded phishing training in simulations run by organizations doesn't work
well" (TechRepublic, 2022). The study involved presenting users with various methods to
discern if an email was potentially malicious. Relying solely on passive training methods can
result in reduced retention and an inability to apply the training effectively in real-world
scenarios. To tackle this challenge, training programs should adopt interactive and stimulating
approaches, like simulations or games, that foster active learning and offer immediate feedback.
Furthermore, a prevalent shortcoming in current phishing training is its tendency to
primarily emphasize awareness, neglecting to furnish practical guidance on recognizing and
responding to phishing attacks. This can foster a false sense of security, with users assuming they
can reliably detect phishing emails, even though they may still fall prey to more sophisticated
tactics. Effective phishing training should not only heighten awareness but also provide hands-on
guidance on how to discern and thwart phishing attempts. This encompasses clear procedures for
reporting suspicious incidents and verifying the authenticity of requests for sensitive information.
Finally, to fortify phishing training efforts, there is a pressing need for ongoing coaching
and feedback mechanisms to ensure users remain vigilant and well-informed about the latest
threats and best practices. This may involve regular training sessions, simulated phishing attacks,
and real-time assessments of user behavior to pinpoint areas for improvement.
In essence, phishing training must be tailored to the unique needs and circumstances of
each user, incorporating interactive and captivating methods to encourage active learning, and
offering practical guidance on how to recognize and respond to phishing attacks. Additionally, it
should evolve through continuous training and feedback loops to guarantee that users remain
vigilant and stay current with the latest threats and best practices.
A Potential Solution
Another critical facet of successful phishing training revolves around the timely updating
of training materials to reflect the most current phishing trends and techniques. The landscape of
phishing tactics is in a constant state of flux, with malicious actors continually refining their
methods. Consequently, training initiatives must encompass the latest advancements in phishing,
covering a spectrum of attack vectors and imparting the knowledge necessary to identify and
counter them.
Furthermore, accessibility and availability of training are paramount. This can be
achieved through a diverse array of delivery methods, ranging from in-person training sessions
and webinars to online tutorials and mobile applications. To cater to different learning
preferences, training materials should be offered in various formats, including audio, video, and
text.
To amplify the effectiveness of training, active involvement of employees is crucial. They
should be encouraged to pose questions and share their own encounters with phishing attempts.
This feedback loop can pinpoint areas where training may need enhancement, resulting in
continual improvement. Employees should also be empowered to promptly report any suspicious
emails or incidents to their IT security teams, and the training should furnish clear guidance on
how to do so.
Lastly, cultivating a culture of security within the organization is imperative. Training
should underscore the gravity of cybersecurity and instill a sense of ownership in employees for
their own digital safety. It is paramount that employees grasp the potential repercussions of
falling prey to a phishing attack, with the training underscoring that each individual plays a
pivotal role in fortifying the organization against cyber threats.
In summation, effective phishing training ought to be tailored to the specific needs of
each user, employing interactive and captivating methods, furnishing pragmatic guidance,
evolving through ongoing training and feedback, and staying abreast of the latest phishing trends
and techniques. By fostering a culture of security and engaging employees in the training
process, organizations can substantially diminish the risk of succumbing to phishing attacks,
thereby safeguarding both their workforce and sensitive data.
Summary
We delved into the shortcomings of existing phishing training programs and put forth a
potential remedy to enhance their effectiveness. The prevailing issue lies in their one-size-fits-all
approach, which overlooks the diverse learning styles, knowledge levels, and behavioral
tendencies of individual users. These programs often employ passive delivery methods and
concentrate solely on creating awareness, neglecting to furnish actionable guidance on
recognizing and thwarting phishing attacks.
For phishing training to yield meaningful results, it must be customized to suit the unique
circumstances and needs of each user. This involves employing interactive and captivating
techniques that promote active learning and hands-on participation. Furthermore, it necessitates
the provision of practical advice on identifying and responding to phishing attempts. To complete
the training loop, a system of ongoing education and feedback must be established to ensure
users stay vigilant and up to date on the latest threats and best practices. Through the adoption of
these optimal strategies, organizations can significantly mitigate the risk of falling victim to
phishing attacks, thereby safeguarding both their workforce and sensitive data.
References
Ackerman, R. (2022, April 26). 2021 was another Big Year for hackers and Cyberthreats. RSAConference. Retrieved May 4, 2023, from https://www.rsaconference.com/library/blog/2021-was-another-big-year-for-hackers-and-cyberthreats
Tessian. (2023, April 10). Phishing statistics 2020 - Latest Report: Tessian Blog. Tessian. Retrieved May 4, 2023, from https://www.tessian.com/blog/phishing-statistics-2020/
FBI: Cybercrime losses tripled over the last 5 years. WeLiveSecurity. (2021, March 18). https://www.welivesecurity.com/2020/02/13/fbi-cybercrime-losses-tripled-last-5-years/
Pernet, C., Staff, T. R., Crouse, M., Partida, D., Corrales, E., Ayuya, C., & Kaelin, M. W. (2022, January 13). New study reveals phishing simulations might not be effective in training users. TechRepublic. Retrieved May 4, 2023, from https://www.techrepublic.com/article/new-study-reveals-phishing-simulations-might-not-be-effective-in-training-users/
What is phishing?: Microsoft security. What is Phishing? | Microsoft Security. (n.d.). Retrieved May 4, 2023, from https://www.microsoft.com/en-us/security/business/security-101/what-is-phishing
Simister, A. (2022, November 24). 10 ways to prevent phishing attacks. Lepide Blog: A Guide to IT Security, Compliance and IT Operations. Retrieved May 4, 2023, from https://www.lepide.com/blog/10-ways-to-prevent-phishing-attacks/
Hebert, A., Hernandez, A., Perkins, R., & Puig, A. (2022, October 25). How to recognize and avoid phishing scams. Consumer Advice. Retrieved May 4, 2023, from https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
FBI. (2020, April 17). Spoofing and phishing. FBI. Retrieved May 4, 2023, from https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/spoofing-and-phishing