Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours

Hadlington, Lee

doi:10.1016/j.heliyon.2017.e00346

Cited by 166 publications

(134 citation statements)

References 29 publications

Supporting

Mentioning

119

Contrasting

Unclassified

Order By: Relevance

“…Each security breach incident in an organisation is more or less dependent not only on technology but primarily on the end users (Hadlington, 2017). In order to mitigate the risk of information security, the organisations are required to implement an appropriate awareness program for all employees.…”

Section: Discussionmentioning

confidence: 99%

“…According to Kruger and Kearney, information security is perceived as the degree to which every employee understands the importance and consequences of security policies, internal guidelines for information security organizations (Kruger and Kearney, 2006). The cited definition of information security awareness refers fully to the KAB model that forms the basis of the HAIS-Q research instrument (Parsons et al, 2014;2017). The mentioned method of measuring consciousness relies heavily on techniques borrowed from social psychology, which suggests that the tendency of a person to do something beneficial or unfavorable depends on three components, namely knowledge, attitude and behavior.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Forming the Awareness of Employees in the Field of Information Security

Chmura

2017

JPM

View full text Add to dashboard Cite

Research purpose: The aim of this study is to present the essence and importance of information security awareness in the organisation and to analyse selected methods used in forming employee awareness in terms of information security. Methodology/ approach:This paper is based on literature studies and available reports. Findings:The presented paper suggests that in order to create a positive change in the organisation, information security training should focus on the attitude and behavior of employees. Concentration is primarily about what they do and how their actions affect the results. In order to minimise the risk of data breaches, often resulting from human error, training methods must meet the needs of today's employees. Effective information security awareness strategies should address the needs of both the organisation itself and the learning people. Limitations/implications:The study is based on the theoretical analysis, indicating the need of conducting further empirical research. Originality/value:The main value of the study is to clarify the need for forming employees' awareness of information security, while indicating a number of available methods enabling the implementation of awareness programs in the organisation.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Forming the Awareness of Employees in the Field of Information Security

Chmura

2017

JPM

View full text Add to dashboard Cite

show abstract

“…The observation of human performance and behavior by cognitive and human factor experts can provide practical insight on automation and information overload, technological deterministic thinking, procedural alignment, operational tempo, and the impact of technology on the workforce (Nobles, 2015). With the ascendancy of technology in cybersecurity, cognitive scientists and human factor experts are pivotal in conducting performance and human factors assessments to predispose (a) systemic weaknesses, (b) vulnerabilities, (c) critical phases of cybersecurity operations, and (d) cognitive overload (Hadlington, 2017;Pfleeger & Caputo, 2012). Human factors initiatives can be solidified through organizational culture by implementing practices and processes to increase awareness of human performance and decision-making (Hadlington, 2017).…”

Section: Human Factorsmentioning

confidence: 99%

“…Businesses rely on information systems and technology to yield profits; yet, most companies struggle with integrating human factors into the organizational culture (Hadlington, 2017). Not only are human factors a concern for protecting crown jewels, critical information, intellectual property, and networks.…”

Section: Human Factorsmentioning

confidence: 99%

“…Change is a strategic objective for organizations to withstand continuous evolution; however, resistance to change is a significant phenomenon (Georgalis, Samaratunge, Kimberley, & Lu, 2015) that can be disruptive and counterproductive. For human factors to be recognized as a credible science requires cybersecurity leaders must undergo a cultural and philosophical change (Hadlington, 2017). A part of the fundamental change involves accepting psychology as a vital element of cybersecurity (Hadlington, 2017).…”

Section: Change Managementmentioning

confidence: 99%

See 1 more Smart Citation

Botching Human Factors in Cybersecurity in Business Organizations

Nobles

2018

HOLISTICA – Journal of Business and Public Administration

View full text Add to dashboard Cite

Human factors remained unexplored and underappreciated in information security. The mounting cyber-attacks, data breaches, and ransomware attacks are a result of human-enabled errors, in fact, 95% of all cyber incidents are human-enabled. Research indicates that existing information security plans do not account for human factors in risk management or auditing. Corporate executives, managers, and cybersecurity professionals rely extensively on technology to avert cybersecurity incidents. Managers fallaciously believe that technology is the key to improving security defenses even though research indicates that new technologies create unintended consequences; nonetheless, technological induced errors are human-enabled. Managers' current perspective on the human factors problem information security is too narrow in scope and more than a training problem. The management of complex cybersecurity operations accompanied by mounting human factor challenges exceeds the expertise of most information security professionals; yet, managers are reluctant to seek the expertise of human factors specialists, cognitive scientists, and behavioral analysts to implement effective strategies and objectives to reduce human-enabled error in information security.

show abstract

Which phish is captured in the net? Understanding phishing susceptibility and individual differences

Sarno

Harris

Black

2023

Applied Cognitive Psychology

View full text Add to dashboard Cite

Phishing research presents conflicting findings regarding the psychological predictors of phishing susceptibility. The present work aimed to resolve these discrepancies by utilizing a diverse online sample and email set. Participants completed a survey that included an email classification task and measured several individual differences, including phishing awareness, age, impulsivity, curiosity, and personality (the Big-5).Phishing susceptibility was measured by participants' ability to distinguish between phishing and legitimate emails. Three regression analyses were performed to predict email discrimination ability; (1) an age model, (2) a deficient self-regulation model (i.e., impulsivity, response times, and curiosity), and (3) a personality (i.e., the Big-5) model. Overall, phishing susceptibility was predicted by younger age, higher levels of impulsivity and extraversion, lower levels of openness to experience and agreeableness, and quick responses. The present work identifies several populations that are particularly vulnerable to phishing attacks and may require targeted training interventions.

show abstract

Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours

Cited by 166 publications

References 29 publications

Forming the Awareness of Employees in the Field of Information Security

Forming the Awareness of Employees in the Field of Information Security

Botching Human Factors in Cybersecurity in Business Organizations

Which phish is captured in the net? Understanding phishing susceptibility and individual differences

Contact Info

Product

Resources

About