Actionable Recommendations from Cybersecurity Research Series: Spear phishing in a barrel
Since assuming the role of Senior Editor of the Journal of Organizational Computing and Electronic Commerce in January 2018, I have thoroughly enjoyed managing the development of some excellent cybersecurity research papers. A highly proactive review team of distinguished practitioners and academics has helped with the review process, and I am forever grateful to them. I plan to share, on an ongoing basis, some actionable recommendations (provided by the lead author) from the accepted papers.
Paper Title: Spear phishing in a barrel: Insights from a targeted phishing campaign
Authors: A. J. Burns, Baylor University; M. Eric Johnson, Vanderbilt University; Deanna D. Caputo, The MITRE Corporation
Accepted for publication in the Journal of Organizational Computing and Electronic Commerce. Forthcoming in 2019.
Actionable Recommendations
- Train employees to identify phishing emails.
- Frame training to enhance its personal relevance (e.g., frame in terms of personal loss).
- Teach employees about adversarial reconnaissance risks.
- Build herd immunity through enhanced organizational training and communication.
- Make organizational resources (e.g., training materials, IT help desk attendants) readily available to employees.
- Create policies and procedures that encourage employees to report phishing attacks.