Impact Analysis of Resilience Against Malicious Code Attacks via Emails

Abstract

The damage caused by malicious software is increasing owing to the COVID-19 pandemic, such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infrastructures and spear-phishing attacks on business or research institutes. Recently, several studies have been conducted to prevent further phishing emails in the workplace because malware attacks employ emails as the primary means of penetration. However, according to the latest research, there appears to be a limitation in blocking email spoofing through advanced blocking systems such as spam email filtering solutions and advanced persistent threat systems. Therefore, experts believe that it is more critical to restore services immediately through resilience than the advanced prevention program in the event of damage caused by malicious software. In accordance with this trend, we conducted a survey among 100 employees engaging in information security regarding the effective factors for countering malware attacks through email. Furthermore, we confirmed that resilience, backup, and restoration were effective factors in responding to phishing emails. In contrast, practical exercise and attack visualization were recognized as having little effect on malware attacks. In conclusion, our study reminds business and supervisory institutions to carefully examine their regular voluntary exercises or mandatory training programs and assists private corporations and public institutions to establish counter-strategies for dealing with malware attacks.