4 research outputs found

    Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

    Securing mobile devices: Evaluating the relationship between risk perception, organisational commitment and information security awareness

    This study examined the relationship between perception of risk, organisational commitment, and Information Security Awareness (ISA). An online survey was completed by 269 working Australians. Perceptions of the Internet of Things (IoT) risk as it pertains to physically securing mobile devices were assessed. Organisational commitment and perception of personal risk significantly predicted ISA, as did two of the psychometric paradigm items. Demographic variables (age and gender) also significantly predicted variance in ISA, as did frequency of workplace information security training, albeit negatively. By identifying organisational commitment and perception of personal risk as significant predictors of ISA, this research has the potential to inform the development of information security training, aiming to enhance employee ISA.
    A. Reeves, K. Parsons, and D. Cali

    Investigating airplane safety and security against insider threats using logical modeling

    In this paper we consider the limits of formal modeling of infrastructures and the application of social explanation for the analysis of insider threats in security and safety critical areas. As an area of study for the analysis we take examples from aviation, firstly since incidents are typically well-documented and secondly since it is an important area per se. In March 2015, a Germanwings flight crashed in the French Alps in what is quite firmly believed to have been intentionally caused by the copilot who locked the pilot out of the cockpit and programmed the autopilot on constant descent. We investigate the security controls and policies in airplanes against insider threats using logical modeling in Isabelle

    Getting users to click: a content analysis of phishers’ tactics and techniques in mobile instant messaging phishing

    Purpose: This study aims to investigate how phishers apply persuasion principles and construct deceptive URLs in mobile instant messaging (MIM) phishing. Design/methodology/approach: In total, 67 examples of real-world MIM phishing attacks were collected from various online sources. Each example was coded using established guidelines from the literature to identify the persuasion principles, and the URL construction techniques employed. Findings: The principles of social proof, liking and authority were the most widely used in MIM phishing, followed by scarcity and reciprocity. Most phishing examples use three persuasion principles, often a combination of authority, liking and social proof. In contrast to email phishing but similar to vishing, the social proof principle was the most commonly used in MIM phishing. Phishers implement the social proof principle in different ways, most commonly by claiming that other users have already acted (e.g. crafting messages that indicate the sender has already benefited from the scam). In contrast to email, retail and fintech companies are the most commonly targeted in MIM phishing. Furthermore, phishers created deceptive URLs using multiple URL obfuscation techniques, often using spoofed domains, to make the URL complex by adding random characters and using homoglyphs. Originality/value: The insights from this study provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps. The study provides recommendations that software developers should consider when developing automated anti-phishing solutions for MIM apps and proposes a set of MIM phishing awareness training tips