Evaluating the awareness of security among users plays a critical role in safeguarding Industrial Control Systems (ICSs) against social engineering attacks. This study was conducted to assess the impact of cybersecurity awareness on the response to cybersecurity incidents within ICSs. Furthermore, this research has incorporated various measures and frameworks related to cybersecurity emergency response processes,...
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Beyond cybersecurity tools: The increasing roles of human factors and cyber insurance in the survival of social media organizations
Cybersecurity tools are designed to safeguard an organization's systems and data by ensuring confidentiality, integrity, and availability in the face of cyber threats. Nevertheless, it's vital to recognize that these tools come with inherent limitations. Relying solely on them is insufficient for effectively managing the ever-evolving landscape of cyber risks. In this context, human resources...
Gamification of cyber security awareness training for phishing against university students
Users represent the primary source of cyber security breaches. Unfortunately, Cyber Security Awareness training often fails to capture their interest and is perceived as a secondary task, an impediment, or a distraction from their core responsibilities. This indifference poses a significant risk to organizations, as cyber security breaches collectively cost businesses billions annually. An effective...
Exploring how, why and in what contexts older adults are at risk of financial cybercrime victimization: A realist review
Despite infrequent reports from older individuals regarding their experiences as victims of financial cybercrime, there exists compelling evidence indicating that older online users face an elevated risk. This realist review was conducted to identify the factors contributing to the victimization of older adults and to evaluate the theory and supporting evidence for interventions aimed at...
Human errors: A cyber security concern and the weakest link to small businesses
Cybersecurity is a critical concern for organizations, particularly in the face of the ongoing global pandemic caused by Covid-19. The abrupt shift to remote work, often referred to as the 'new normal,' has introduced information security risks associated with human factors. This includes both malicious actors and employees using the same platforms for information exchange...
Oppositional human factors in cybersecurity: A preliminary analysis of affective states
The need for cyber defense research is growing as more cyber-attacks are directed at critical infrastructure and other sensitive networks. Traditionally, the focus has been on hardening system defenses. However, other techniques are being explored including cyber and psychological deception which aim to negatively impact the cognitive and emotional state of cyber attackers directly through...
Bridging the knowing-doing gap: the role of attitude in information security awareness
This study examined that gap between knowledge and behaviour, why employees wilfully omit, and the role of attitude in bridging that gap. The study was conducted as a web-administered survey using the Human Aspects of Information Security Questionnaire (HAIS-Q), to which 287 participants responded. The data was analysed using linear regression, Baron-Kenny mediation, and comparison...
Impacts of the Covid-19 pandemic on online security behaviour within the UK educational industry
In this research, the impact of the coronavirus pandemic on the security behaviour of academic businesses is uncovered. This is done by comparing the pre-pandemic annual cyber security survey with the peak and post-pandemic survey, i.e., 2019, 2020 and 2021 respectively. Findings from this research demonstrate that the pandemic brought about a rise in cyberattacks,...
Analysing security concerns about the massive increase of sharing data over the cloud during the pandemic of Covid-19
Technology plays a vital role to overcome some of the challenges caused by Covid-19. For example, adopting cloud computing during pandemic has become double to handle the highest accelerating of process data through the cloud. However, the sudden and heavy use of cloud computing alerts the attack of cyber security. Therefore, this adds a threat...
Utilising machine learning against email phishing to detect malicious emails
Phishing is an identity theft evasion strategy used in which consumers accept bogus emails from fraudulent accounts that claim to belong to a legal and real company in the effort to steal sensitive information of the client. This act places many users’ privacy at risk, and therefore researchers continue to work on identifying and improving...
Does psychological distance and religiosity influence fraudulent customer behavior?
This study delves into the motivations behind fraudulent customer behavior on eBay, a phenomenon that imposes significant financial losses on online businesses. To investigate this issue, a conceptual framework is developed, extending the Theory of Planned Behavior with factors such as religiosity, social detection risk, ethical judgment, and the moderating influence of perceived psychological distance....
Phishing in organizations: findings from a large-scale and long-term study
In this paper, we present findings from a large-scale and long-term phishing experiment that we conducted in collaboration with a partner company. Our experiment ran for 15 months during which time more than 14,000 study participants (employees of the company) received different simulated phishing emails in their normal working context. We also deployed a reporting...
Developing a framework to measure cyber resilience behaviour of indian bank employees
Cyber resiliency of an organization depends on the IT infrastructure and cyber security measures undertaken; however, a prominent factor to achieve resilience depends on the employees. Confronted with this bleak realization, it is only recently that the need for cyber resilient culture has come into existence. While seminal contribution has been made in the field...
Gamification of cybersecurity awareness – A systematic review of games
This thesis presents the state of the art of games used in cyber security awareness. In this regard, a systematic review of games following PRISMA guidelines was conducted on the relevant papers published between 2010 to 2021. The games were analyzed based on their purpose, cyber security topics taught, target audience, deployment methods, game genres...
The future human and behavioural challenges of cybersecurity
This chapter explores the future human and behavioural challenges that are likely to have an impact on cybersecurity. It identifies some general challenges that will need to be overcome. The first challenge will be to accept that cybersecurity practitioners are not average end users. It is important to understand cybersecurity as a social practice that...
What influences employees to follow security policies?
Incorporating the Value of Congruence Model (VC), the Theory of Planned Behavior Model (TPB), and Security-Conscious Care Behavior, this study demonstrates that cybersecurity behavior can be effectively influenced through straightforward and cost-efficient measures. Such an approach offers substantial advantages to companies seeking to protect their assets. By analyzing data from 193 respondents, the research underscores...
Human-centric cybersecurity research: From trapping the bad guys to helping the good ones
The issue of cybersecurity has surged in importance in recent years due to numerous high-profile incidents, hacking attempts, and data breaches that have captured headlines. The continuous rise in cyber incidents suggests the need for a reevaluation of how we perceive cybersecurity and whether a shift in mindset is warranted. In essence, cybersecurity is fundamentally...
Avoid being a victim of social engineering attack during the COVID-19 pandemic
This article delves into the impact of the COVID-19 pandemic on the proliferation of social technology attacks. It discusses the implications of these emerging threats and offers strategies for addressing them. By examining various known threats associated with coronaviruses, this report provides valuable insights and recommendations for entities and enterprises. Furthermore, the study explores the...
Understanding factors that influence Unintentional Insider Threat: A framework to counteract unintentional risks
The exploitation of individuals classified as insiders is widely acknowledged as a common avenue for cyberattacks. Recent research approaches this issue from various angles, covering aspects related to technology, psychology, and sociotechnical factors. This particular study delves deeper into the realm of unintentional insider threats, employing the Critical Decision Method (CDM) in interviews with individuals...
Human factors in phishing attacks: A systematic literature review
Phishing, defined as the fraudulent endeavor to acquire sensitive information by impersonating a reputable entity in digital communication, remains a prevalent form of cyber attack. Its success is often attributed to users' lack of awareness of vulnerabilities or their inability to grasp the associated risks. This article offers a systematic literature review aimed at providing...