    Understanding Security Behavior of Real Users: Analysis of a Phishing Study

    This paper presents a set of statistical analyses of an empirical study of phishing email sorting by real online users. Participants were assigned to multitasking and/or incentive conditions in unattended web-based tasks that are the most realistic in any comparable study to date. Our three stages of analysis included logistic regression models to identify the individual phishing "cues" contributing to successful classification; statistical significance tests assessing the links between participants' training experience and self-assessments of success and their actual performance; significance tests searching for demographic factors that significantly influence task completion performance; and lastly k-means clustering based on a range of performance measures and utilizing participants' demographic attributes. In particular, the results indicate that multitasking and incentives create complex dynamics, while demographic traits and cybersecurity training can be informative predictors of user security behavior. These findings strongly support the benefits of security training and education and advocate customized and differentiated interventions to increase users' success at correctly identifying phishing emails.

    Cognitive Systems Engineering Models Applied to Cybersecurity

    Cybersecurity is an increasing area of concern for organizations and individuals alike. The majority of successfully executed cyberattacks are a result of human error. One common type of attack that targets human users is phishing. In spite of this, there is a lack of research on the human factors underlying phishing behavior. Using an online survey platform with both phishing and legitimate emails, the present research examined the utility of various cognitive engineering models for modeling responses to these example emails. Using Signal Detection Theory (SDT) and Fuzzy Signal Detection Theory (Fuzzy SDT), the influence of familiarity with phishing and of having a background in cybersecurity on phishing behavior was examined. The results from the SDT analysis indicated that familiarity with phishing accounted for only 11% of the variance in sensitivity and 5% in bias. When examining the same using Fuzzy SDT analysis, familiarity with phishing accounted for 6% of the variance in bias. When examining background in cybersecurity using SDT analysis, t-tests indicated the null hypothesis could be rejected for the relationship of background in cybersecurity with sensitivity and bias. When examining the same for Fuzzy SDT, the null hypothesis could only be rejected for the relationship between bias and background in cybersecurity. In addition to these findings, the use of a confusion matrix revealed that the percentage of information successfully transmitted from the stimuli to the judgements made by participants was only 26%. Participant identification of phishing cues was also examined. Participants most frequently identified requests for personal information within the emails. Future research should continue to explore predictors of phishing behavior and the application of the different cognitive engineering models to phishing behavior.
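The SDT quantities the abstract reports (sensitivity, bias, and the share of stimulus information transmitted to the judgements) can all be computed from a participant's 2x2 confusion matrix over phishing/legitimate emails. The following is an added worked example, not code or data from the paper: the trials are constructed, the log-linear correction applied to the hit and false-alarm rates is an assumption (the paper does not say which correction, if any, it used), and the transmitted-information figure is the mutual information between stimulus and response as a percentage of the stimulus entropy.

```python
"""Signal Detection Theory (SDT) measures for a phishing-sorting task.

Added example, not from the paper above. Each email is either phishing
(signal present) or legitimate (signal absent) and each judgement is
"phishing" or "legitimate". From the 2x2 confusion matrix we compute:
  - hit rate H and false-alarm rate FA, with the log-linear correction
    (an assumption here) so that rates of exactly 0 or 1 do not give an
    infinite z-score;
  - sensitivity d' = z(H) - z(FA);
  - bias       c  = -(z(H) + z(FA)) / 2  (c > 0: leans to "legitimate");
  - information transmitted from stimulus to response, I(S;R), as a
    percentage of the stimulus entropy H(S).
The trial data below are constructed, not from the study.
"""
from math import log2
from statistics import NormalDist

_z = NormalDist().inv_cdf  # probit: inverse of the standard normal CDF

# Constructed: one participant sorting 20 phishing and 20 legitimate emails.
# Each trial is (email_is_phishing, participant_said_phishing).
SAMPLE_TRIALS = (
    [(True, True)] * 14 + [(True, False)] * 6
    + [(False, True)] * 4 + [(False, False)] * 16
)


def confusion_matrix(trials):
    """Count hits, misses, false alarms and correct rejections."""
    m = {"hits": 0, "misses": 0, "false_alarms": 0, "correct_rejections": 0}
    for is_phish, judged_phish in trials:
        if is_phish and judged_phish:
            m["hits"] += 1
        elif is_phish:
            m["misses"] += 1
        elif judged_phish:
            m["false_alarms"] += 1
        else:
            m["correct_rejections"] += 1
    return m


def rates(m):
    """Hit and false-alarm rates with the log-linear correction:
    0.5 is added to each cell and 1 to each row total."""
    h = (m["hits"] + 0.5) / (m["hits"] + m["misses"] + 1)
    fa = (m["false_alarms"] + 0.5) / (m["false_alarms"] + m["correct_rejections"] + 1)
    return h, fa


def sdt_measures(m):
    """Return (d_prime, c) for a confusion matrix."""
    h, fa = rates(m)
    return _z(h) - _z(fa), -(_z(h) + _z(fa)) / 2


def information_transmitted(m):
    """100 * I(S;R) / H(S): share of stimulus information that survives
    in the participant's judgements (0 = guessing, 100 = perfect)."""
    n = sum(m.values())
    joint = {(1, 1): m["hits"], (1, 0): m["misses"],
             (0, 1): m["false_alarms"], (0, 0): m["correct_rejections"]}
    p_s = {s: sum(v for (ss, _), v in joint.items() if ss == s) / n for s in (0, 1)}
    p_r = {r: sum(v for (_, rr), v in joint.items() if rr == r) / n for r in (0, 1)}
    mi = sum((v / n) * log2((v / n) / (p_s[s] * p_r[r]))
             for (s, r), v in joint.items() if v)
    h_s = -sum(p * log2(p) for p in p_s.values() if p)
    if h_s == 0:  # only one stimulus class shown: nothing to transmit
        return 0.0
    return 100.0 * mi / h_s


def analyze(trials):
    """Full report for one participant's trials."""
    m = confusion_matrix(trials)
    d_prime, c = sdt_measures(m)
    return {"matrix": m, "d_prime": d_prime, "c": c,
            "info_pct": information_transmitted(m)}


if __name__ == "__main__":
    report = analyze(SAMPLE_TRIALS)
    print(report["matrix"])
    print(f"d' = {report['d_prime']:.2f}  c = {report['c']:.2f}  "
          f"information transmitted = {report['info_pct']:.1f}%")
```

For the constructed participant this gives d' of about 1.3 (phishing and legitimate emails are being separated), a small positive c (a slight lean towards judging emails legitimate) and roughly 19% of stimulus information transmitted; a participant whose judgements are independent of the email class scores 0% on the last measure, and a perfect sorter 100%.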

    Navigating the Phishing Landscape: A Novel Stage Model Unveiling the Journey of Individuals Exposed to Phishing Attempts

    The focus of this master's thesis is to understand the process and stages individuals go through when exposed to a phishing attack. To achieve this objective, we closely examine the responses of individuals throughout the phishing process and establish connections between their cognitive processes and actions, drawing upon relevant literature. By integrating these insights, we construct a holistic phishing stage model. Consequently, our research question, "How can we identify and understand the stages involved in the phishing process?", guides our investigation. For this thesis, we conducted a qualitative study in which we interviewed nine individuals from seven different IT consultancy firms in Norway. We utilized the theoretical framework to create a holistic phishing stage model. The findings led to the creation of a phishing stage model consisting of a pre-stage and three main stages with constituent activities that explain the flow from stage to stage. The findings reveal that individuals rely on technical solutions in more ways than we initially thought. Warnings in the delivery stage of emails affect the potential victim in the later stages, especially when they explore the content of a phishing message. Ignoring phishing attempts was found to be prevalent among the younger interview candidates. Interestingly, those who reported phishing attempts were found to do so in two different ways, either officially or unofficially. Unofficial reporting consisted of alerting coworkers by word of mouth or other communication channels. In contrast, official reporting was the way intended by company policies. This study offers a valuable model that effectively explains the stages individuals go through during the phishing process. This research enhances our understanding of the phenomenon by shedding light on phishing attacks from the victim's standpoint.
The insight gained from this thesis advances our understanding and offers valuable guidance for developing preventive measures, educational initiatives, training programs, and robust cybersecurity strategies. Furthermore, the model presented in this study serves as a valuable tool for identifying focal points in training efforts, thus enabling organizations to address vulnerabilities and effectively enhance their defenses against phishing attacks.

    The web 2.0 Internet: Democratized Internet collaborations in the healthcare sector

    Democratized internet collaborations, referring to participatory online tools or Web 2.0, now impact many aspects of people's lives. Scholars note Web 2.0's potential to improve eLearning or healthcare, and its ongoing impact in sectors such as tech-media. They also raise a plethora of important questions for practitioners and scholars, such as the criticism of Web 2.0 as hype or a marketing term, which necessitates some determination of the scope and nature of Web 2.0. This holds equally for Web 2.0's use in health care, denoted as Medicine 2.0 or Health 2.0. Moreover, given the risks of people using user-generated content for health decisions, and its unproven effectiveness as a health policy tool, scholars have called for best practice models of use. This thesis addresses these fundamental issues, in a field that is fast moving, behind actual practice, and that requires concerted inter-disciplinary research. Therefore, this thesis incorporates seven distinct works that provide broad perspectives on the use of online collaboration tools in healthcare, each analyzing a specific topic in enough depth to remain relevant in a fast-moving field. These works include an examination of (1) Web 2.0 and (2) Medicine 2.0, using content analysis of millions of online conversations to surface the major practical or theoretical issues and tensions that underpin each concept. Two further studies examine (3) how and why doctors use Web 2.0 tools, and (4) how doctors search or forage for information in this evolving internet environment.
These two studies rely on surveys, diaries and interviews from doctors working in the UK's National Health Service (NHS). Both highlight important results, such as models for Medicine 2.0 use, or make important contributions to the literature, such as connecting the previously separate cognitive online search and internet information judgment literatures. Three further studies examine Web 2.0 from an organizational perspective, including (5) design patterns of Web 2.0's use in global Pharma, which details best practice models of use and their clear link to Open Source design patterns, and (6) global Pharma's Open Innovation strategies, where online collaboration tools enable these strategies. The latter two studies employ interviews with 120 pharmaceutical executives analyzed through thematic analysis. They make major contributions to the literature by characterizing open innovation strategies and gleaning implications for Absorptive Capacity in the Open Innovation context. The final study (7) examines Medicine 2.0 from the perspective of health service providers, informing management using eHealth as an instrument for improved healthcare management. Overall, there are many major contributions to the literature, which together achieve both a broad overview of Web 2.0 in healthcare and specific additions to the literature encompassing information systems, information science, medical informatics, and open innovation and strategy.

    Cyber Situational Awareness and Cyber Curiosity Taxonomy for Understanding Susceptibility of Social Engineering Attacks in the Maritime Industry

    The maritime information system (IS) user has to be prepared to deal with a potential safety and environmental risk that can be caused by an unanticipated failure of a cyber system used onboard a vessel. A hacker leveraging a maritime IS user's Cyber Curiosity can achieve a successful cyber-attack by enticing the user to click on a malicious Web link sent through an email and/or posted on a social media website. At worst, a successful cyber-attack can compromise the integrity of a ship's cyber systems, potentially causing disruption or human harm. A lack of awareness of social engineering attacks increases the susceptibility of any organization to a successful cyber-attack. The combination of limited cyber situational awareness (SA) of the social engineering attacks used against IS users and the user's natural curiosity creates significant threats to organizations. The theoretical framework for this research study consists of four interrelated constructs and theories: social engineering, Cyber Curiosity, Cyber Situational Awareness, and activity theory. This study focused its investigation on two constructs, Cyber Situational Awareness and Cyber Curiosity. These constructs reflect user behavior and decision-making associated with being a victim of a social engineering cyber-attack. This study designed an interactive Web-based experiment to measure an IS user's Cyber Situational Awareness and Cyber Curiosity, to further understand the relationship between these two constructs in the context of cyber risk to organizations. The quantitative and qualitative data analysis from the experiment, consisting of 174 IS users (120 maritime and 54 shoreside), was used to empirically assess whether there are any significant differences in maritime IS users' level of Cyber SA, Cyber Curiosity, and position in the developed Cyber Risk taxonomy when controlled for demographic indicators.
To ensure validity and reliability of the proposed measures and the experimental procedures, a panel of nine subject matter experts (SMEs) reviewed the proposed measures/scores of Cyber SA and Cyber Curiosity. The SMEs' responses were incorporated into the proposed measures and scores, including the Web-based experiment. Furthermore, a pilot test of the Web-based experiment was conducted to assess the measures of Cyber SA and Cyber Curiosity. This research validated that the developed Cyber Risk taxonomy can be used to assess the susceptibility of an IS user to becoming a victim of a social engineering attack. Identifying a possible link in how both Cyber SA and Cyber Curiosity can help predict susceptibility to a social engineering attack can be beneficial to the IS research community. In addition, identifying factors that improve Cyber SA can potentially reduce the likelihood of an IS user becoming a victim of a cyber-attack and thereby reduce risks to organizations. Discussion and implications for future research opportunities are provided to aid the maritime cybersecurity research and practice communities.

    Cyber Threat Intelligence based Holistic Risk Quantification and Management


    An Empirical Assessment of Audio/Visual/Haptic Alerts and Warnings to Mitigate Risk of Phishing Susceptibility in Emails on Mobile Devices

    Phishing emails present a threat to both personal and organizational data. Phishing is a cyber-attack using social engineering. About 94% of cybersecurity incidents are due to phishing and/or social engineering. A significant volume of prior literature has documented that users continue to click on phishing links in emails, even after phishing awareness training. There appears to be a strong need for creative ways to alert and warn users to signs of phishing in emails. The main goal of the experiments in this study was to measure participants' time to recognize signs of phishing in emails, thereby reducing susceptibility to phishing in emails on mobile devices. This study included three phases. The first phase included 32 Subject Matter Experts (SMEs) who provided feedback on the top signs of phishing in emails, audio/visual/haptic pairings with the signs of phishing, and developmental constructs toward a phishing alert and warning system. The second phase included a pilot study with five participants to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System (PAWS Mobile App™) to 205 participants. The results of the first phase aligned the constructs for the alert and warning system. A female voice-over warning was chosen by the SMEs, as well as visual icon alerts for the top signs of phishing in emails. This study designed, developed, and empirically tested the PAWS Mobile App, which alerted and warned participants to the signs of phishing in emails on mobile devices. PAWS displayed a randomized series of 20 simulated emails to participants with varying displays of either no alerts and warnings, or a combination of alerts and warnings. The results indicated that audio alerts and visual warnings potentially lower phishing susceptibility in emails.
Audio and visual warnings appeared to have assisted the study participants in noticing phishing emails more easily, and in less time, than without audio and visual warnings. The results of this study also indicated that alerts and warnings assisted participants in noticing distinct signs of phishing in the simulated phishing emails viewed. This study suggests that phishing alerts and warnings applied to and configured in email applications may play a significant role in the reduction of phishing susceptibility.

    AN ENHANCEMENT ON TARGETED PHISHING ATTACKS IN THE STATE OF QATAR

    The latest report by Kaspersky on Spam and Phishing listed Qatar as one of the top 10 countries by percentage of email phishing and targeted phishing attacks. Since the Qatari economy has grown exponentially and become increasingly global in nature, email phishing and targeted phishing attacks have the capacity to be devastating to the Qatari economy, yet no adequate measures, such as awareness training programmes, have been put in place to minimise these threats to the state of Qatar. Therefore, this research aims to explore targeted attacks on specific organisations in the state of Qatar by presenting a new technique to prevent targeted attacks. This novel enterprise-wide email phishing detection system has been used by organisations and individuals not only in the state of Qatar but also in organisations in the UK. The detection system is based on domain names, exploiting the fact that attackers carefully register domain names that victims trust. The results show that this detection system has proven its ability to reduce email phishing attacks. Moreover, this research aims to develop email phishing awareness training techniques specifically designed for the state of Qatar to complement the presented technique, in order to increase email phishing awareness, focused on targeted attacks and their content, and reduce the impact of phishing email attacks. This was carried out by developing an interactive email phishing awareness training website that has been tested by organisations in the state of Qatar. The results of this training programme proved effective in training users to spot email phishing and targeted attacks.
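The abstract describes its detection system only as domain-name based, built on the observation that attackers register domains that victims trust. As an added illustration of that class of check, not the thesis's own system, the following compares the registrable domain of a sender address against a list of trusted domains and flags the usual look-alikes: a swapped top-level domain, digit-for-letter and letter-pair homoglyphs, a one- or two-character typo, a trusted name embedded with extra words, and a trusted name placed as a subdomain of an attacker's domain. The trusted-domain list, the tiny stand-in for the public suffix list, the homoglyph table and every sender address used are constructed for the example.

```python
"""Look-alike sender-domain check, the kind of domain-name based test the
abstract above refers to. Added example, not the thesis's system.

Assumptions (all constructed for the example): TRUSTED_DOMAINS stands in
for an organisation's own list; TWO_LEVEL_SUFFIXES is a tiny stand-in for
the public suffix list; the homoglyph table covers only common swaps.
"""
import unicodedata
from email.utils import parseaddr

TRUSTED_DOMAINS = ["example.com", "example-bank.com", "example.qa"]

TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.qa", "co.qa",
                      "net.qa", "edu.qa", "gov.qa"}

# Single-character swaps that imitate letters (examp1e, examp|e, ...).
_GLYPH_TABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                              "5": "s", "7": "t", "|": "l"})
# Letter pairs that read as one letter in many fonts (exarnple).
_MULTI_GLYPHS = [("rn", "m"), ("vv", "w")]

MIN_BRAND_LEN = 5  # shorter brand names make the embedded-name check too noisy


def sender_domain(header_value):
    """Lower-cased domain of the address in a From: header value, or ''."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def registrable_domain(domain):
    """Registrable part: example.co.uk for mail.example.co.uk."""
    labels = domain.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def base_label(registrable):
    """The brand-carrying label: example for example.co.uk."""
    return registrable.split(".")[0]


def skeleton(label):
    """Collapse look-alike characters: examp1e and exarnple -> example."""
    s = unicodedata.normalize("NFKC", label).lower()
    for pair, single in _MULTI_GLYPHS:
        s = s.replace(pair, single)
    return s.translate(_GLYPH_TABLE)


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(header_value, trusted=TRUSTED_DOMAINS):
    """Return (verdict, trusted domain the sender resembles or None)."""
    domain = sender_domain(header_value)
    if not domain or "." not in domain:
        return "malformed", None
    reg = registrable_domain(domain)
    if reg in trusted:
        return "trusted", reg
    base = base_label(reg)
    padded = "." + domain + "."
    for t in trusted:  # example.com.attacker.net
        if "." + t + "." in padded:
            return "brand_as_subdomain", t
    for t in trusted:  # example.net, example.co.uk
        if base == base_label(t):
            return "tld_swap", t
    for t in trusted:  # examp1e.com, exarnple.com
        if skeleton(base) == skeleton(base_label(t)):
            return "homoglyph", t
    for t in trusted:  # exampel.com, exmple.com
        tb = base_label(t)
        if levenshtein(base, tb) <= (1 if len(tb) < 6 else 2):
            return "typosquat", t
    for t in trusted:  # example-secure.com, secure-example.com
        tb = base_label(t)
        if len(tb) >= MIN_BRAND_LEN and tb in base:
            return "combosquat", t
    return "unknown", None


if __name__ == "__main__":
    # Constructed From: header values exercising each verdict.
    for hdr in ["Alice <alice@example.com>", "IT <it@examp1e.com>",
                "<billing@example.com.attacker.net>", "<hr@exampel.com>",
                "<news@unrelated.org>"]:
        print(f"{hdr:40} -> {classify_sender(hdr)}")
```

The check inspects the From header, which the attacker controls, so it complements rather than replaces authentication of the sending domain with SPF, DKIM and DMARC; the edit-distance threshold and the minimum brand length are the knobs that trade missed look-alikes against false positives on short or generic names.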