Educational Training and Simulation Scenarios to Improve Knowledge on Phishing Security Risks

According to Information System Authority (RIA) latest report Phishing is the most significant security risk in Estonia. It impacts various economic sectors, from financial (bank account phishing) to healthcare services (account credentials phishing). Thus, to avoid financial and information losses, computer and information system users should have the skills, knowledge, and competencies to recognise phishing attacks and react proactively to decrease their impact. 

To tackle this challenge, the CyberPhish consortium has developed online learning material, educational simulation scenarios and a self-evaluation knowledge system that help people to learn about phishing and its impact and become capable of identifying and responding to phishing attacks in the correct manner. 

The training material introduces cybersecurity, overviews cybersecurity within the European Union, explains the principles of social engineering and phishing attacks, and describes how to handle cybersecurity attacks. The educational simulation scenarios illustrate different weapons of influence, including unity, liking, consensus, consistency, authority, scarcity, and reciprocation. 

Recently the pilot training was performed at the University of Tartu, where 36 Cybersecurity and Erasmus+ students took the training. Future specialists must be aware of this risk, be ready to react, and be able to teach others about its impacts. The participants were young specialists both in cybersecurity and computer science and were able to comment on the deficiencies of both the course contents and the developed software platform. The pilot was also a part of the "Principles of Secure Software Design" course. 

Phishing is yet another type of attack. Thus, similar principles (like in other security risks) were illustrated through the given pilot training, scenarios, and risk recognition. The participants reported a positive training experience. "I got an excellent overview of various topics related to cyber security and cyber hygiene", expresses one participant. Another said that the simulations allowed us to test skills in phishing attack detection and improve based on the simulations' feedback. "The course materials enhanced the knowledge about tendencies in cybersecurity and background of phishing threats," told the student.

In October, the University of Tartu will organise the CyberPhish multiplier event to introduce the project results.

More information on the CyberPhish project can be found here. The training platform is available here. 

This project has been funded with support from the European Commission. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

Image