Authors: Sandisiwe Mahonga; Mariana Gerber
Addresses: Department of Information Technology, Nelson Mandela Metropolitan University, Port Elizabeth 6000, South Africa; Department of Information Technology, Nelson Mandela Metropolitan University, Port Elizabeth 6000, South Africa
Abstract: Phishing attacks have become a perpetual threat to organisations and internet users in general. Phishing websites and emails impersonating well-known entities are launched frequently, with the intention of tricking unsuspecting employees into giving out sensitive information, such as their login details, in order to acquire access to corporate networks. Various solutions have been developed to combat phishing. However, security experts and phishing attackers are in a race because phishing attacks are becoming increasingly refined as new solutions are developed. Reports have indicated that phishing attacks now target certain job roles, such as finance, rather than other job roles, such as information technology. Therefore, it may be argued that the employees in an organisation may be more susceptible to phishing attacks on account of their job role. A critical analysis of previous phishing studies was conducted, using the conscious competence learning matrix. To address the identified problem, as well as the analysis of the two studies conducted, this paper discusses proposed guidelines for advancing employees within an organisation from a state of unconscious incompetence, where they do not know of the existence of phishing and their incompetence, to a state of unconscious competence relative to their job roles.
Keywords: information security; information security awareness; information security education; phishing.
International Journal of Education Economics and Development, 2017 Vol.8 No.2/3, pp.176 - 190
Received: 22 Nov 2016
Accepted: 23 Mar 2017
Published online: 23 Aug 2017