ABSTRACT

Phishing attacks are costly for both organizations and individuals, yet existing academic research has provided little guidance on how to strategize and implement a combined phishing awareness and training campaign. Drawing on operant conditioning theory, we conduct an in-depth case study on a large phishing awareness campaign and reveal that phishing awareness is a learning process through which individuals’ behavior can be strengthened by reinforcement and punishment. Based on the case study findings, we present several propositions for cybersecurity stakeholders. This study contributes to the phishing awareness literature and has implications for research and practice. This paper is useful for organizations planning or in the process of implementing or reviewing a phishing awareness and education program.

摘要

网络钓鱼攻击对组织和个人来说都是昂贵的，但现有的学术研究几乎没有提供关于如何制定和实施网络钓鱼意识和培训相结合的活动的指导。借鉴操作性条件反射理论，我们对大型网络钓鱼意识活动进行了深入的案例研究，并揭示网络钓鱼意识是一个学习过程，通过该过程可以通过强化和惩罚来加强个人的行为。根据案例研究结果，我们为网络安全利益相关者提出了几个建议。这项研究有助于提高网络钓鱼意识的文献，并对研究和实践产生影响。本文对于计划或正在实施或审查网络钓鱼意识和教育计划的组织非常有用。