976 research outputs found

    A Quantitative Study of Risk Scores and the Effectiveness of AI-Based Cybersecurity Awareness Training Programs

    Cybersecurity awareness training plays a dynamic role for organizations in certifying resources' accessibility. This paper determines the correlation between an employee's risk score and the effectiveness of AI-based security awareness training that deals with cyber threats. The research uses the Unified Theory of Acceptance and Use of Technology to update prior research, revealing that at-risk employees' behavior and information security awareness training implementation make up successful interventions. However, those studies did not discuss AI training, and so this research fills that literature gap. This study used a quantitative research design. The researcher analyzed survey responses using Pearson's Correlation and an independent t-test to determine statistically significant relationships and differences between employees' risk scores and an AI-based security awareness training program's effectiveness. The calculations came from a sample of 200 participants from two different organizations. The Pearson product correlation of employees' risk scores and the effectiveness of the security awareness training program was statistically significant. The researcher also conducted an independent-samples t-test to compare the employees' risk scores by gender. There were no significant differences in scores. Male scores were higher than female ones. The mean difference was minimal. The findings herein help interpret the role of information security awareness training in the workplace, promoting behavioral changes that would impede data violations by including the users' vulnerability and the severity of intimidation, and the response to a threat in prognosticating behavior intentions

    Why do People Adopt, or Reject, Smartphone Security Tools?

    A large variety of security tools exist for Smartphones, to help their owners to secure the phones and prevent unauthorised others from accessing their data and services. These range from screen locks to antivirus software to password managers. Yet many Smartphone owners do not use these tools despite their being free and easy to use. We were interested in exploring this apparent anomaly. A number of researchers have applied existing models of behaviour from other disciplines to try to understand these kinds of behaviours in a security context, and a great deal of research has examined adoption of screen locking mechanisms. We review the proposed models and consider how they might fail to describe adoption behaviours. We then present the Integrated Model of Behaviour Prediction (IMBP), a richer model than the ones tested thus far. We consider the kinds of factors that could be incorporated into this model in order to understand Smartphone owner adoption, or rejection, of security tools. The model seems promising, based on existing literature, and we plan to test its efficacy in future studies

    Employee Awareness on Phishing Threats: A Comparison of Related Frameworks and Models

    Data and sensitive information in the public sector are major targets for cyberattacks. Officials in the public sector have developed a wide range of frameworks, models, and technology to help employees understand the risk of phishing attacks. However, these models haven't been able to meet the total needs of institutions in terms of security. This study reviews the awareness frameworks and models used to increase users' awareness of phishing scams and highlights the problems and drawbacks. Moreover, this study compares the various cybersecurity awareness frameworks and models. The findings show a need to enhance current phishing awareness frameworks and models that can handle phishing attacks in the workplace while also converting them into cybersecurity training input, mainly via a digital learning platform

    Email and Website-Based Phishing Attack: Examining Online Users Security Behavior in Cyberspace Environment

    Despite Emails and websites being widely used for communication, collaboration, and day-to-day activity, not all online users have the same knowledge and skills when determining the credibility of visited websites and email content. As a result, phishing, an identity theft cyber-attack that targets humans rather than computers, was born to harvest internet users' confidential information by taking advantage of human behavior and hurting an organization's continuity, reputation, and credibility. Because the success of phishing attacks depends on human behavior, using the Health-Belief Model, the study's objective is to examine significant factors that influence online users' security behavior in the context of Email and website-based phishing attacks. The model included eight predictor variables and was validated using quantitative data from 138 academic staff. The study findings exhibit that 4 out of 8 predictor variables, namely Perceived-Barriers, Perceived-Susceptibility, Self-efficacy, and Security-Awareness, are statistically significant in determining users' security behavior. The study's outcome is to assist in the appropriate design of both online and offline content for cyber security awareness programs, focusing on Email and website-based phishing attacks

    Evaluating Cyber Security Awareness Levels For Employees In DRB-Hicom Auto Solutions

    The Internet is becoming increasingly connected to people in the daily life of many individuals, organisations and nations. It has benefited many people and has a positive effect on the way people communicate. It has also introduced new avenues for business and has offered nations an opportunity to be involved in online business. Although cyberspace offers a borderless list of services and opportunities, it is also accompanied by many risks. One of these risks is cyber attack. In an organisation, most of the cyber-attacks are email phishing, ransomware and data leaking. As concluded by many researchers, those who use the Internet are not aware of such threats. In view of this, there is a need for effective cyber security awareness training that is custom-made according to the level of user knowledge. In this context, the primary research objective of this study is to understand the level of awareness and propose a training model to the organisation. Respondents were required to give feedback on their level of awareness for email phishing, cyber fraud, ransomware, social engineering and data leak. A total of 108 respondents were involved in this study and the finding shows that the awareness level is quite low for social engineering and cyber fraud attacks for almost all age groups, job categories and lengths of service. (Abstract by author)

    A Framework to Detect the Susceptibility of Employees to Social Engineering Attacks

    Social engineering attacks (SE-attacks) in enterprises are hastily growing and are becoming increasingly sophisticated. Generally, SE-attacks involve the psychological manipulation of employees into revealing confidential and valuable company data to cybercriminals. The ramifications could bring devastating financial and irreparable reputation loss to the companies. Because SE-attacks involve a human element, preventing these attacks can be tricky and challenging and has become a topic of interest for many researchers and security experts. While methods exist for detecting SE-attacks, our literature review of existing methods identified many crucial factors such as the national cultural, organizational, and personality traits of employees that enable SE-attacks not considered by the other researchers. Thus, this thesis aims to address the gap by identifying and analyzing all the factors that make the SE-attack possible. We have developed a framework that operates in an enterprise environment and can detect the susceptibility of victims to SE-attacks. It relies on mapping Gragg’s psychological triggers of social engineering to three groups of factors, namely the national cultural factors, the organizational factors, and the personality traits of employees. Our analysis demonstrates that there is a correlation between the social engineering triggers and the three-layered factors that make employees susceptible to social engineering attacks. Thus, adding these factors in the proposed framework detects susceptibility of victims. Finally, we introduce a proposed framework that would detect and recognize weaknesses and susceptibility of employees in an organization which can be used for enhancing awareness and employee training to better recognize and prevent SE-attacks

    Assessing Employees’ Cybersecurity Attitude Based on Working and Cybersecurity Threat Experience

    Many cybersecurity problems are caused by human error, which is a worry in the commercial sector. Due to their attitude towards cybersecurity, many employees in the firm do not work in a way that safeguards data. This study seeks to examine employees' cybersecurity attitudes with a focus on their work experience and exposure to cybersecurity threats. Data were gathered through a survey conducted in targeted business firms located in the Klang Valley area, Malaysia. Utilizing ANOVA and two-sample tests, the study analysed 245 data samples to evaluate the hypotheses. The results show significant distinctions in employees' cybersecurity attitudes in relation to the extent of their work experience and their previous encounters with cybersecurity threats. These findings hold valuable implications for the field of information security management, offering insights into how the industry can refine its strategic planning for information security. This can positively affect cybersecurity attitudes among employees within organizations

    Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations

    Social engineering is an attack that aims to manipulate a dupe into divulging sensitive information or taking actions that help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems, which are used to protect machines from being attacked, a widely accepted mechanism to prevent a dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms