A pilot study of cyber security and privacy related behavior and personality traits

ABSTRACT Recent research has begun to focus on the factors that cause people to respond to phishing attacks as well as affect user behavior on social networks. This study examines the correlation between the Big Five personality traits and email phishing response. Another aspect examined is how these factors relate to users' tendency to share information and protect their privacy on Facebook (which is one of the most popular social networking sites). This research shows that when using a prize phishing email, neuroticism is the factor most correlated to responding to this email, in addition to a gender-based difference in the response. This study also found that people who score high on the openness factor tend to both post more information on Facebook as well as have less strict privacy settings, which may cause them to be susceptible to privacy attacks. In addition, this work detected no correlation between the participants estimate of being vulnerable to phishing attacks and actually being phished, which suggests susceptibility to phishing is not due to lack of awareness of the phishing risks and that real-time response to phishing is hard to predict in advance by online users. The goal of this study is to better understand the traits that contribute to online vulnerability, for the purpose of developing customized user interfaces and secure awareness education, designed to increase users' privacy and security in the future

Conceptualizing human resilience in the face of the global epidemiology of cyber attacks

Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime

Evidence of personality traits on phishing attack menace among selected university undergraduates in Nigerian

Access ease, mobility, portability, and improved speed have continued to ease the adoption of computing devices; while, consequently proliferating phishing attacks. These, in turn, have created mixed feelings in increased adoption and nosedived users’ trust level of devices. The study recruited 480-students, who were exposed to socially-engineered attack directives. Attacks were designed toretrieve personal dataand entice participants to access compromised links. Wesought to determine the risks of cybercrimes among the undergraduates in selected Nigerian universities, observe students’ responses and explore their attitudes before/after each attack. Participants were primed to remain vigilant to all forms of scams as WE sought to investigate attacks’ influence on gender, students’ status, and age to perceived safety on susceptibility to phishing. Results show that contrary to public beliefs, age, status, and gender were not among the factors associated with scam susceptibility and vulnerability rates of the participants. However, the study reports decreased user trust levels in the adoption of these new, mobile computing devices

The Efficacy of Perceived Big Data Security, Trust, Perceived Leadership Competency, Information Sensitivity, Privacy Concern and Job Reward on Disclosing Personal Security Information Online

Individuals’ reluctance to provide sensitive personal information online could affect the US Governments’ ability to hire and retain qualified personnel for sensitive cleared positions. The aim of this research study was to show how perceived big data security, trust, perceived leadership competency, information sensitivity, privacy concern and reward of a job play a significant role in limiting an individuals’ willingness of disclosing sensitive personal information online. While a significant volume of research has examined information disclosure in the health care field, there has not been any published studies on the willingness of online disclosure in order to attain a US Government job. Therefore, this study was undertaken to address this gap, where the principles of Utility Theory were applied, which posits that people make choices by maximizing their utility function over multiple choices. This study was a quantitative study that collected data through online survey using a 7-Point Likert Scale. Random sampling was used to collect data by sending the survey link through email and through Survey Monkey’s participant outreach program to random participants. Partial Least Square Structural Equation Modeling (PLS-SEM) was used to analyze the data collected from a total of 206 responses received. Based on the results, it was found that leadership competency, trust in website and job reward have a significant impact on an individual’s willingness to disclose, while perceived big data security and privacy concern did not. It is recommended that the government thoroughly vet leaders in charge, as increase in perceived leadership competency has shown to have an increase in website trust, eventually leading to an individual’s willingness to disclose. Of particular interest and contrary to previous studies on information disclosure, privacy concern did not show a significant influence on willingness to disclose information online. Similarly, from the three personality traits of extraversion, intellect and conscientiousness, only individuals with the conscientiousness trait, showed to have any significant impact on privacy concern. Finally, the aim of this study was to help the government understand online disclosure reluctance in order to hire and retain qualified personnel for cleared positions and contribute to the body of knowledge

Malicious User Experience Design Research for Cybersecurity

This paper explores the factors and theory behind the user-centered research that is necessary to create a successful game-like prototype, and user experience, for malicious users in a cybersecurity context. We explore what is known about successful addictive design in the fields of video games and gambling to understand the allure of breaking into a system, and the joy of thwarting the security to reach a goal or a reward of data. Based on the malicious user research, game user research, and using the GameFlow framework, we propose a novel malicious user experience design approac

Phishing happens beyond technology : the effects of human behaviors and demographics on each step of a phishing process

Prior studies have shown that the behaviours and attitudes of Internet users influence the likelihood of being victimised by phishing attacks. Many scammers design a step-by-step approach to phishing in order to gain the potential victim's trust and convince them to take the desired actions. It is important to understand which behaviours and attitudes can influence following the attacker in each step of a phishing scam. This will enable us to identify the root causes of phishing and to develop specific mitigation plans for each step of the phishing process and to increase prevention points. This study investigates to what extent people's risk-taking and decision-making styles influence the likelihood of phishing victimisation in three specific phishing steps. We asked participants to play a risk-taking game and to answer questions related to two psychological scales to measure their behaviours, and then conducted a simulated phishing campaign to assess their phishability throughout the three phishing steps selected. We find that the attitude to risk-taking and gender can predict users' phishability in the different steps selected. There are however other possible direct and indirect behavioural factors that could be investigated in future studies. The results of this study and the model developed can be used to build a comprehensive framework to prevent the success of phishing attempts, starting from their root causes

Does Personality Traits and Security Habits Influence Security of Personal Identification Numbers? The Context of Mobile Money Services in Tanzania.

Security is an important ingredient in financial transactions; as such, it is imperative that attention should be paid to enhancing the security habits and user behaviours of mobile payment services. Establishing a link between security habits, personality characteristics, and security behaviours provides a new dimension to studying security behaviours regarding mobile money services. Therefore, this study investigates how personality traits affect security behaviours and habits and how security habits mediate the link between personality traits and PIN security practices. The study found that conscientiousness, openness to experience, extroversion and security habits influence PIN security practices, while conscientiousness, agreeableness, and neuroticism influence security habits. Further, the study found security habits mediate the relationships between conscientiousness, agreeableness, neuroticism and PIN security practices. The study has managerial consequences for the players in the mobile money services domain in addition to its theoretical ramifications

A comparative study of cloud services use by prospective IT professionals in five countries

Individuals and organizations utilise the cloud technology and its services in various ways. Cloud-based services are becoming increasingly popular, while there is no adequate knowledge offered for their secure use in the education for future IT professionals. It is important to understand how security and privacy issues are perceived and handled by male/female users and IT professionals of different cultures. The authors aim at presenting and scrutinizing information about cloud services’ use by prospective IT professionals in five countries, namely China, Finland, Greece, Nepal, and the UK. In particular the authors, wanting to find out what are the future IT professionals’ conceptualisations and awareness, collected data from male and female IT students in higher education, who use (or not) cloud services. The authors further illustrate the research findings by proceeding to a comparative analysis considering different perspectives such as: gender, education background, national culture (values and culture), and IT-related knowledge. The final research outcomes reveal attention-grabbing information for future IT professionals’ skills, knowledge, and digital competencies. For the IT professionals and software quality engineering communities the latter comprise a body of realistic knowledge, worthy of note when designing curricula for security technology by accommodating practical and accessible solutions (e.g., cryptography-based cloud security) for developing and enhancing the IT professionals’ role