Abstract
Phishing attacks are increasingly sophisticated, with attackers exploiting publicly available information on their targets to personalize their attacks. Although an increasing body of research has investigated the effectiveness of tailored phishing campaigns, researchers have primarily focused on large enterprises. Company size, composition, and resource availability (e.g., of security experts or a phishing response team handling incidents) play an important role in the studied dynamics. However, whether the same also applies to small and medium-sized enterprises (SMEs), which typically do not have those resources, is unclear. On the other hand, studying SME security is hard as they generally have no expertise in-house to run the required experiments. This work provides a first study filling this gap by investigating the effectiveness of tailored phishing campaigns against an SME IT company in Europe. To this end, we conducted a field experiment targeting 30 employees at an SME and, subsequently, interviewed nine employees to understand the cognitive processes underlying the detection of and response to our phishing campaign as well as the group defense mechanisms at the SME. Our findings show that expectation mismatch was the primary method for detecting our phishing email and that the collective defense mechanism enabled a surprisingly prompt response and containment of the attack, possibly due to the network dynamics of a small company.
Original language | English |
---|---|
Title | Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023 |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 232-243 |
Number of pages | 12 |
ISBN (electronic) | 9798350327205 |
DOIs | |
Status | Published - 2023 |
Event | 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023 - Delft, Netherlands Duration: 3 Jul 2023 → 7 Jul 2023 |
Conference
Conference | 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023 |
---|---|
Country/Region | Netherlands |
City | Delft |
Period | 3/07/23 → 7/07/23 |
Bibliographical note
Publisher Copyright: © 2023 IEEE.