Developing a measure of information seeking about phishing

This article discusses the mitigation measures that can be taken to avoid the issues associated with phishing emails. If it is unclear, phishing emails "rely on exploiting the behavior of legitimate users to circumvent cybersecurity controls". A main mitigation for phishing is awareness campaigns that try and educate the general public on how to avoid phishing emails, but the development of spear phishing, which uses personal information, makes this incredibly difficult. These researchers investigated how intentional users were about avoiding phishing and how this affected their ability to accurately report phishing attempts. They ultimately concluded that the more intentional a user is about avoiding efficiency, the better equipped they were to minimize a perceived threat. This raises an interesting topic of using educational campaigns as a protection against cyber security. This article would suggest that better preparing your employees about the means of cyber attacks and the prevention methods makes you overall more prepared to fight off a cyber attack. This is an interesting development as it is not at all a technological counter development, but a personnel development which illustrates the multi-faceted nature of cybersecurity.