Phishing: How an Organization can Protect Itself

The objective of this paper is to report on research to construct a model, which should provide guidance to an organization on how to address all dimensions associated with phishing and assist in solving the problem holistically. The emphasis will be placed on the human and organizational dimensions. Most research in this area has shown that only certain dimensions used to combat phishing attacks, in an organization, are addressed in isolation and not holistically. Anti-phishing research literature studied has either focused on algorithms for detecting phishing attacks in web browsers (Egelman, 2008; Fette, 2007; Garera, 2007; Patel, 2007) or on evaluating the user interfaces of anti-phishing web browser toolbars (Wu, 2006). From research studied, there has been little work conducted on preventing users from falling for phishing email messages. It has been proven that phishing does indeed pose an ongoing threat to an organization through its employees. Therefore, a suitable solution to this problem should be devised. This paper attempts to present such a holistic solution in the form of a model.