Social Engineering poses one of the most critical threats to public and private organizations. In this paper we focus on phishing threats by measuring the positive long-term impact that awareness methods may provide to companies and public bodies. The assessment criterion uses two phishing attacks over a period of 18 weeks. The phishing attack comprises a hook mail containing a link to a credentials harvesting website. Users' reactions and user agent fingerprints are used to calculate a risk score for each victim. By applying chi-square tests, it was found that there is a statistically significant score improvement for participants who were trained via the awareness methods. Furthermore, a risk analysis is conducted to identify, quantify and prioritize potential risks that could negatively affect the end-user's operations. The main idea behind the proposed technique is that the assessment methods can help employees develop the skills and abilities to use the digital world safely and avoid phishing attacks. The risk analysis findings indicate that the awareness approach yields a significant improvement in long-lasting risk reduction. The study was conducted as part of the European Horizon 2020 DOGANA project, which aims to deploy effective mitigation strategies and reduce the risk created by modern Social Engineering 2.0 attack techniques. The results obtained in this paper corroborate the results obtained by the EU-funded project SAINT from the econometric analysis and modeling of the cybercrime and cyber security markets.