An expert assessment of corporate professional users to measure business email compromise detection skills and develop a knowledge and awareness training program

Shahar Aviv, Yair Levy, Ling Wang, Nitza Geri

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Cybercrime against organizations is a daily threat and targeting companies of all sizes. Cyberattacks are continually evolving and becoming more complex. Cybercriminals utilize email attacks as their most used method to compromise corporations for financial gain. Email attacks have evolved into sophisticated scams which target businesses that conduct wire transfers as part of their business operations. The FBI has announced a new evolution of email attacks called Business Email Compromise (BEC) scams which utilize social engineering, phishing, and email hacking to manipulate employees into conducting fraudulent wire transfers. The goal of this study was to use cybersecurity experts to validate the BEC detection measurement criteria for user skills and an awareness training program amongst corporate professionals. BEC attacks have attributed to over $26 billion in financial losses across the globe and are continually increasing. A Delphi methodology was utilized to attain feedback from 30 cybersecurity experts to develop and validate the BEC detection measure and awareness training. Results show that there are four contributing attributes to BEC detection: email authenticity detection skills, malicious mobile application detection skills, ability to detect mobile malware indicators, and the ability to detect phishing emails. The research study concludes with discussions and future research recommendations.
Original languageAmerican English
Title of host publicationWISP 2019 Proceedings
Subtitle of host publicationPre-ICIS Workshop on Information Security and Privacy (SIGSEC)
PublisherAssociation for Information Systems
Number of pages16
StatePublished - 2019

Keywords

  • Cybersecurity skills; phishing; business email compromise (BEC), mobile malware

Fingerprint

Dive into the research topics of 'An expert assessment of corporate professional users to measure business email compromise detection skills and develop a knowledge and awareness training program'. Together they form a unique fingerprint.

Cite this