Introduction to the Minitrack on Innovative Behavioral IS Security and Privacy Research

N/

The Role of Rational Calculus in Controlling Individual Propensity toward Information Security Policy Non-Compliance Behavior

We draw on recent advances in cognitive neural science to articulate an employee security behavioral model. Cognitive neural science studies suggest two neurological processes occurring in human brain when making decisions: the automatic or reflexive process, which is the default mode for decision making, and the controlled or reflective process, which interrupts the automatic process when the brain encounters unexpected events or novel decisions. We map rational choice to the controlled process and self-control to the automatic process and test a decision model using survey data in the context of employee non-compliance behavior to organization information security policies

Deception in double extortion ransomware attacks:An analysis of profitability and credibility

Ransomware attacks have evolved with criminals using double extortion schemes, where they signal data exfiltration to inflate ransom demands. This development is further complicated by information asymmetry, where victims are compelled to respond to ambiguous and often deceptive signals from attackers. This study explores the complex interactions between criminals and victims during ransomware attacks, especially focusing on how data exfiltration is communicated. We use a signaling game to understand the strategies both parties use when dealing with uncertain information. We identify five distinct equilibria, each characterized by the criminals' varied approaches to signaling data exfiltration, influenced by the strategic parameters inherent in each attack scenario. Calibrating the game parameters with real-world like values, we identify the most probable equilibrium, offering insights into anticipated ransom amounts and corresponding payoffs for both victims and criminals. Our findings suggest criminals are likely to claim data exfiltration, true or not, highlighting a strategic advantage for intensifying attack efforts. The study underscores the need for victims' caution towards criminals' claims and highlights the unintended consequences of policies making false claims costlier for criminals.</p