Emory Corporate Governance and Accountability Review

Article Title

Posted: No Phising


Any engineering approach to cybersecurity must recognize that many breaches are the result of human behavior, rather than sophisticated malware. Effective cybersecurity defenses require a systematic engineering approach that recognizes the organizational, cultural and psychological barriers to effectively dealing with this problem. The U.S. Securities and Exchange Commission (SEC) defines “phishing” as, “the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information—such as account numbers for banking, securities, mortgage, or credit accounts, your social security numbers, and the login IDs and passwords you use when accessing online financial service providers.” Once this information is fraudulently obtained, it may be used to steal your identity, money, or both. A review of the literature reveals an alarming lack of attention to the prevalent threat of low-technology, or low-complexity phishing attacks. Accordingly, here is a primer on the prominent exploit known as phishing, illustration of several cases, and the necessity for organizational and societal education of data users as to appropriate computer hygiene. Much of the literature about cyberattack addresses technical aspects of computer code, encryption, and bad actor attribution. Yet human behavior remains a significant source responsible for successful cyber intrusions. Your authors believe this Article provides a valuable discussion about the human factors that very often comprise a back-door entryway into data systems.