Full text loading...
-
Human risk factors in cybersecurity
Experimental assessment of an academic human attack surface
- Source: Interaction Studies, Volume 24, Issue 3, Dec 2023, p. 437 - 463
-
- 18 Aug 2022
- 22 Jul 2023
- 15 Feb 2024
Abstract
Abstract
This article presents an experimental analysis of several cybersecurity risks affecting the human attack surface of Fairmont State University, a mid-size state university. We consider two social engineering experiments: a phishing email barrage and a targeted spearphishing campaign. In the phishing experiment, a total of 4,769 students, faculty, and staff on campus were targeted by 90,000 phishing emails. Throughout these experiments, we explored the effectiveness of three types of phishing awareness training. Our results show that phishing emails that make it through IT’s defenses pose a clear and present threat to large educational organizations. Moreover, we found that simple, visual, instructional guides are more effective training tools than long documents or interactive training.