Enhancing Cybersecurity Awareness Training: A Comprehensive Phishing Exercise Approach

摘要

Email communications is a critical service in nearly every aspect of business and personal activities. A person's email address is the online identity most relied upon for reliable and accountable communications. Banking, health and recreational activities conducted online in most cases depend on a person possessing and actively maintaining an email address. Unfortunately, email inherently possesses security shortcomings that enable malicious actors to commit fraud through phishing emails. Technology solutions do not entirely solve this issue, and the users themselves require training on how to identify and respond to suspected phishing emails. A structured and comprehensive phishing exercise training program can (1) reduce the probability of a cybersecurity compromise originating from fraudulent emails and (2) improve the overall cybersecurity posture.