Featured Product
This Week in Quality Digest Live
Management Features
Elliot Dratch
What’s your plan for growth?
Dawn Bailey
MESA’s business involves excavating and working on high-pressure pipelines carrying hydrocarbon liquids and gas
Kimberly Merriman
At issue are scant remote-work resources, updated policies on flexibility, and communication from leadership
Michael Lee Stallard
How important—and challenging—our human relationships can be
Carlos Valdes-Dapena
Follow these three simple rules to address team dysfunction

More Features

Management News
Siemens introduces PCBflow, a secure, cloud-based solution for accelerating design-to-manufacturing handoff for printed circuit boards
Includes global overview and new additive manufacturing section
Tech aggravation can lead to issues with employee engagement, customer experience, and business results
Harnessing the forces that drive your organizations success
Free education source for global medical device community
New standard for safe generator use created by the industry’s own PGMA with the assistance of industry experts
Provides synchronization, compliance, traceability, and transparency within processes
Galileo’s Telescope describes how to measure success at the top of the organization, translate down to every level of supervision
Too often process enhancements occur in silos where there is little positive impact on the big picture

More News

NIST

Management

You’ve Been Phished!

Context plays a critical factor in why users click on a phishing email

Published: Thursday, August 16, 2018 - 12:02

Organizations worldwide stand to lose an estimated $9 billion in 2018 to employees clicking on phishing emails. We hear about new phishing attacks regularly from the news and from our friends. So why do so many people still click? NIST research has uncovered one reason, and the findings could help CIOs mount a better defense.

The findings—distilled in the brief video below—reveal that context plays a critical factor in why users click or don’t click on a phishing email. The more the context of the message seems relevant to a person’s life or job responsibilities, the harder it is for them to recognize it as a phishing attack.

Organizations can improve their defense strategies by considering the team’s broader findings, which are based on more than four years of data gathered by the NIST team in a real-world work environment. By studying not just which deceptive emails led some employees to click, but the reasons why they clicked, the team found that employees are more likely to click on links and attachments when the premise of the email matches their work responsibilities. These email users were concerned about failing to be responsive to their job duties.

Punishing—or even firing—such conscientious employees who fall for scams is not the best approach. Instead, CIOs should try to build an organization of engaged users. If an organization looks more closely at their own data on click rates and reporting rates, it can use this information to improve both human user training and the electronic filters that attempt to identify phishing emails.

A new article in IEEE Computer written by the research team offers a complete set of recommendations for CIOs, and a paper forthcoming from a presentation at this year’s USEC conference provides details on the research methods and results.

Discuss

About The Author

NIST’s picture

NIST

Founded in 1901, The National Institute of Standards and Technology (NIST) is a nonregulatory federal agency within the U.S. Department of Commerce. Headquartered in Gaithersburg, Maryland, NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.