Indonesian SMEs and Cybersecurity: Developing Instrument to Test SMEs Owners’ Capability in Detecting Phishing Emails

Abstract

In recent years, phishing attacks have gotten more complicated and harder to detect. Technology-based preventative approaches have become utterly ineffective. Users of electronic mails are eventually the most essential factor in identifying phishing scams. Small and medium-sized enterprise (SMEs) are more susceptible to spear-phishing attacks as their reliance of internet-based services increases, yet most of them lack skills in implementing preventive measures against phishing. This study identified the characteristics of phishing emails and designed an instrument to assess the level of individual knowledge in detecting various phishing messages. This instrument is primarily designed for SMEs. The instrument is to be used not only as a testing tool for phishing detection skills, but also as the foundation for generating training materials or phishing detection guidelines for SMEs