- Provide the citation and attach a pdf of the article.
Chatchalermpun, S., & Daengsi, T. (2021). Improving cybersecurity awareness using phishing attack simulation. IOP Conference Series. Materials Science and Engineering, 1088(1), 12015. PDF
2. What is the abstract of the article?
This paper aims to present a case study of the cybersecurity awareness level of the workers in a financial institution in Thailand. In this study, there were 2 phases of cyber drills using a spear-phishing email. The first phase was conducted with more than 20,300 workers. It was found that there were 23.25% of potential victims. However, the second phase was conducted four months later with more than 20,200 workers after performing knowledge transfer. The number of workers who opened phishing emails in the second phase decreased to 6.76% only. Therefore, it can be indicated that an appropriate cybersecurity knowledge transfer can reduce a large number of potential victims and cyber threats that may occur in such organizations.
3. Was the study experimental or non-experimental? Explain, tell us what made that clear.
The study for improving cybersecurity awareness was non-experimental because it validates existing condition of the awareness of cybersecurity for Thailand workers.
4. What was the population studied? Why do you say that?
The population studied for this article was workers in a financial institution in Thailand. I say this because it is explained what the population is in the abstract.
5. What sample was used for this study?
The sample for this study was 20,340 Thailand workers for the first attempt and 20,260 after the knowledge transfer.
6. What was the method of measurement?
The methods used in this study were tables and multiple pie chart to visualize the data collected.
-
- If the research was quantitative, was the measurement scale used, Nominal, Ordinal, Interval, or Ratio? The measurement scale that was used in this study was nominal in that the actions of the workers to the phishing was labeled. Interval was also used in that it showed the change rate for each action in the two different studies they performed.
7. What was the method of analysis? (10 pts)
- If the research was quantitative, what statistical tools were used to analyze the data? The researchers used the pie charts to show the percentage of workers that did a certain action when they have received a phishing email before and after the knowledge transfer. They also used a table to show the change rate of those actions from one study to the next.
8. What was the conclusion of the study?
The researchers concluded that cyber drills and cybersecurity knowledge transfers can in fact improve the awareness of cybersecurity in the financial institution. This in turn can help reduce potential threats as well as increase the reports of these attacks.
9. Why is this study useful to you?
This study was useful to me because I was curious of how many people actually are aware of cyber attacks. This study helped me ensure how a certain percentage of people would react to cyber attacks.
10. What would be the next logical step in extending this study?
The next logical step for this study would be to expand to other countries as well as other fields of expertise to compare the results.
I used to work for a large IT company and they would often send out phishing campaigns to understand threat levels. Sometimes there were real ones that would have to be reported to high level security teams. I mention this to say that I agree with you about seeing this type of study done in different fields of industry. I think industries like manufacturing and medical pose a lot of risk because of the levels of data and information like people’s personal health information. As we move into a more digitized age, it’s going to be important to understand how to spread information about internet safety at work.