Organizations invest heavily in technology solutions to enhance their cybersecurity, yet it is often human factors, like an employee clicking on a phishing link, that can derail even the most sophisticated security systems. Applying dual-process theories of cognition, we argue that a brief mindfulness practice may prevent habitual responding to phishing attempts by enhancing rational decision making and hence detecting phishing cues. To empirically investigate this idea, we manipulated mindfulness between two groups of participants in an experiment, and measured the ability to detect phishing cues that are easy or difficult to notice in emails from familiar or unfamiliar sources. Our findings suggest that mindfulness helps to detect more phishing cues when emails are difficult and from familiar sources, but not in any of the other experimental conditions. Subsequently, we draw theoretical implications for the role of human factors in cybersecurity behavior, and offer practical suggestions for security training.