http://dx.doi.org/10.13089/JKIISC.2019.29.4.847

A Study on Human Vulnerability Factors of Companies: Through Spam Mail Simulation Training Experiments

Lee, Jun-hee (Graduate School of Information Security, Korea University)
Kwon, Hun-yeong (Graduate School of Information Security, Korea University)
Abstract
Recently, various cyber threats delivered by e-mail, such as ransomware and APT attacks, have been increasing. Because such attacks bypass technological measures such as past pattern-based detection, it is important to take administrative measures that improve individuals' perception of security. The purpose of this study is to investigate, through field experiments, the human factors of employees who are vulnerable to spam mail attacks and to establish future improvement plans. As a result of sending spam mails to the employees of a company 7 times and analyzing the training reports, it was confirmed that factors such as the number of trainings and the recipient's gender, age, and workplace were related to the reading rate. Based on the results of this analysis, we suggest ways to improve the training so that each organization can carry out effective simulation training and improve its ability to respond to spam mail through improved awareness.
Keywords
experiment; phishing; training; spam mail; security awareness