Why organisations fall victim to phishing attacks (and what to do about it)
UNSW Business School's Dr Yenni Tim speaks with Bianca Wirth, Director – Cyber & National Security Strategy & Governance Lead at KPMG Australia, about how organisations can prevent their employees from falling victim to cyber-attacks
Bianca Wirth: I think that phishing is one of the major issues that organisations face today, because it's a human-based issue. It's human-based security, essentially. And it can be human error that triggers a phishing attack on your organisation.
So I think that what we wanted to do was understand, is there a better way or a different way to approach the problem of phishing? You're dealing with people's personalities and you're dealing with the psychology that malicious actors inflict on people when they send out phishing emails or phishing texts, or voice phishing (vishing as it's called).
So I think that that's quite challenging for traditionally technology-focused or solution-focused divisions like IT and security. And I think that we wanted to take an innovative approach to looking at phishing to understand how else can we do this? What's another way to help complement the technology, and people education and awareness?
Data analytics was used as a method of understanding how resilient are people to phishing, or how susceptible are they to phishing. And I think it was really interesting that we were able to use machine learning to identify, ‘is this actually going to work? Can we tell why people are actually clicking on phishing emails?’ And so that was kind of the purpose of using the data to enable the machine learning.
And we got a lot out of going through this to understand where the benefits are. And we definitely saw the benefits in terms of understanding. Okay, so maybe people are clicking on phishing if they're on a mobile device, or maybe they're clicking on phishing, because they're contractors and they're not getting the education and awareness that our full-time staff have.
So I think that was really beneficial. But then we discovered other areas around, ‘so it doesn't give us all the answers. It's not the magic solution.’ So it was really beneficial to try that out and determine how we could use that method potentially in the future.
Bianca Wirth is Director – Cyber & National Security Strategy & Governance Lead at KPMG Australia. For more information read 3 ways data helps tackle phishing and other cyber security threats or please contact Dr Yenni Tim, Senior Lecturer in the School of Information Systems and Technology Management at UNSW Business School.