Taxonomy of Cybersecurity Awareness Delivery Methods: A Countermeasure for Phishing Threats

Abstract

Phishing is a serious threat to the Internet users and has become a vehicle for cybercriminals to perpetrate large-scale crimes worldwide. A wide range of technical and educational measures have been developed and used to address phishing threats. However, the technical anti-phishing measures have been widely studied in the current literature whereas comprehensive analysis of the non-technical anti-phishing techniques has generally been ignored. To close this gap, we develop a new taxonomy of the most common cybersecurity training delivery methods and compare them along various factors. The work reported in this paper is useful for various stakeholders. For organizations conducting or considering phishing training, it helps them understand the various awareness training and phishing campaigns capabilities and design an appropriate program with a meaningful return. For researchers, it offers a clearer understanding of the main challenges, the existing solution space, and the potential scope of future research to be addressed.