INVESTIGATING THE IMPACT OF PHISHING ATTACKS ON ORGANIZATIONAL CYBERSECURITY POSTURE

Abstract

This study aims to examine how phishing attacks can affect the cyber security posture of organizations in four dimensions: technical, operational, reputational and.  governance.Quantitative surveys were administered to 108 organizations, qualitative semi structured interviews were carried out with 17 Cybersecurity professionals, and documentary evidence related to the incident report and posture assessment was reviewed in this study. Phishing attacks have been found to act as a system wide assessment of how well an organization's cybersecurity postures hold up in the face of attack. Vulnerabilities in technical controls, human behavior, and governance frameworks can be identified through exploitation of the weaknesses created through a systemic stress test. Specifically, organizations subject to more significant numbers of phishing attacks are generally not as well implemented in their control measures such as multifactor authentication (MFA), and AI filtering of email, as well as not having adequate formal incident response plans. . As a result organizations with more frequent phishing incidents have lower posture scores when compared to organizations that employ continuous security awareness training, MFA adoption and AI driven threat preemption even when they have been breached as a result of phishing. This study highlights the need for a proactive posture focused cybersecurity strategy that incorporates human centric controls, technical safeguards and governance aware posture assessments. In addition the authors provide organizations in Pakistan and other jurisdictions with actionable recommendations for developing a more effective cybersecurity posture against evolving phishing threats.