Title: A Comparative Analysis between Technical and Non-Technical Phishing Defences

Issue Number: Vol. 10, No. 1
Year of Publication: March - 2021
Page Numbers: 28-41
Authors: Joseph C. Brickley, Kutub Thakur, Abu S. Kamruzzaman
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong


Phishing attacks are a form of social engineering attacks which are designed to extract sensitive information through email and are a growing problem in today’s world. The cost of falling victim to a Phishing attack could not only cause immediate financial harm, but it can cost the company at risk to tarnish its reputation and expose valuable information and data. This study compared technical and non-technical defenses that combat Phishing as a whole to determine what defense should be used. Using existing literature to compare what other scholars have found and in an un-biased way determine which defense type is better at combating Phishing as a whole. The findings pointed in the direction of non-technical defenses, as users often ignored indicators produced by technical defenses. When technical defenses blocked users from receiving Phishing attempts, the user often lacked awareness and training to properly determine a Phishing attack. In conclusion, a multi defense approach should be put in place with a focus on non-technical controls such as user training, and specifically game-based training, to complement technical defenses such as ProofPoint, Barracuda Sentinel and Anti-Phishing software.