Samenvatting

The aim of this dissertation was to research how awareness concerning the threats of phishing among Dutch SMEs can be raised in order to improve their online security in the future. The following research question was formulated: ‘‘In what way can awareness concerning the threats of phishing amongst SMEs in the Netherlands be raised?’’. This dissertation is an exploratory and descriptive research which defined the problem of SMEs becoming a beloved target of phishing attacks. This was originally an observed matter which has now been confirmed by secondary data and by the act of conducting field research to understand the minds of the employees of SMEs better. Research methods desk research and field research were conducted. The results of the desk research made it clear that cybercrime is indeed a serious problem. Threats and damages in the Netherlands caused by cybercrime are expected to grow because of increasing digital activities such as online banking. Dutch people are the favourite target of cyber-attacks because almost all Dutch people are active on the internet and the number of people that make use of online banking is also very high. Increasingly advanced technology is also a global development. The more new concepts, techniques and technologies are developed, the more cyber threats will occur. Furthermore, the commodity of ICT could be an underlying reason for the increasing number of phishing attacks. Nowadays, internet is used in daily life worldwide in both private and public sectors and even online one can find information on how to create phishing e-mails. The results of field research made clear that Dutch SMEs do not feel they are at risk of becoming a target of cybercrime and phishing attacks. It is clear that the Dutch business life is not aware that Dutch SMEs in fact are very vulnerable for phishing attacks and therefore should take better precautions. Lots of enterprises underestimate the risks they take concerning cyber security. Larger enterprises have had lots of public breaches and have been hacked often by cybercriminals and therefore invested in online safety and security making SMEs a much easier target. In general an SME will have weaker defences than a larger organisation or company. This is in a large part due to the fact that most SMEs still do not think cybercriminals will target them, despite evidence to the contrary. SMEs also think a small company is not vulnerable nor valuable for cyber-attacks. An attack on an SME could even be the gateway to bigger targets. This lack of awareness is an accumulation of issues. First of all, current cybercrime information campaigns are not aimed at SMEs only, neither are the Dutch national cyber security strategies. Even though information campaigns have been launched to inform companies and individuals about the threats on the internet, the awareness SMEs have of the dangers online has not yet been increased. It is therefore recommended that SMEs invest in digital safety themselves, keep all company computer software up-to-date, outsource online security to a professional external party and discuss the subject of digital security with all of their employees. Most importantly, introducing a new cybercrime awareness campaign could greatly contribute to raise awareness among SMEs concerning the threats of phishing.