Reducing Risky Security Behaviours:  Utilising Affective Feedback to Educate Users

Shepherd, Lynsay A.; Archibald, Jacqueline; Ferguson, Ian

doi:10.3390/fi6040760

Cited by 13 publications

(3 citation statements)

References 22 publications

(29 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Warnings and alerts often appear similar and occur at predictable intervals. Employees may also often receive little feedback regarding their cyber security behaviors (Shepherd et al, 2014), so that there is nothing to reorientate them toward, or reappraise, the importance of the stimuli.…”

Section: Habituation Of Actions and To Advicementioning

confidence: 99%

Encouraging Employee Engagement With Cybersecurity: How to Tackle Cyber Fatigue

2021

View full text Add to dashboard Cite

Cybersecurity fatigue is a form of work disengagement specific to cybersecurity. It manifests as a weariness or aversion to cybersecurity-related workplace behaviors or advice and occurs as a result of prior overexposure to cybersecurity-related work demands or training. While some previous theoretical conceptualizations of cybersecurity fatigue are available, this article is the first to capture all dimensions of the phenomenon in a four-component model. The model holds that cybersecurity fatigue can result from overexposure to workplace cybersecurity advice (e.g., training) or cybersecurity actions (e.g., forced password updates). Similarly, we argue that there can be two types of cybersecurity fatigue: attitudinal (e.g., a belief that cybersecurity is not important) and cognitive (e.g., habituated bad behaviors). We present a multidisciplinary review, which draws on research from management, psychology, and information systems. Practitioners can use the four-component model to identify the type of cybersecurity fatigue that may be occurring in employees and adapt workplace processes accordingly to improve behavior. In addition, we present three illustrative case studies, adapted from employee experiences, to demonstrate the application of the four-component model to an organizational context. The review presents a framework for coordinating the existing approaches to cybersecurity fatigue in the current literature.

show abstract

Section: Habituation Of Actions and To Advicementioning

confidence: 99%

Encouraging Employee Engagement With Cybersecurity: How to Tackle Cyber Fatigue

2021

View full text Add to dashboard Cite

show abstract

“…Web Extensions in Mozilla Firefox. Such vulnerabilities have the potential to allow for the development of malicious extensions, posing a security risk [12].…”

Section: Web Based Javascriptmentioning

confidence: 99%

Mayall: A Framework for Desktop JavaScript Auditing and Post-Exploitation Analysis

et al. 2018

Self Cite

View full text Add to dashboard Cite

Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting edge capabilities. However in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime -an increasingly popular server-side technology. In bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. The paper also exposes fifteen highly popular Electron applications and demonstrates that two thirds of applications were found to be using known vulnerable elements with high CVSS scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.

show abstract

“…To warn about insecure communications, technology can reliably check whether HTTPS is in place or not and then either reassure or warn, augmenting the educational approach. Some notable approaches in the field of passive approaches are LinkExtend 6 and research such as published by Shepherd et al [25]. LinkExtend is a Firefox AddOn considering many different security indicators including whether HTTPS is in place or not.…”

Section: Related Workmentioning

confidence: 99%

Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness

Volkamer

Renaud

Canova

et al. 2015

Trust and Trustworthy Computing

View full text Add to dashboard Cite

Abstract. This paper presents PassSec, a Firefox Add-on that raises user awareness about safe and unsafe password entry while they surf the web. PassSec comprises a two-stage approach: highlighting as the web page loads, then bringing up a just-in-time helpful dialogue when the user demonstrates an intention to enter a password on an unsafe web page. PassSec was developed using a human-centred design approach. We performed a field study with 31 participants that showed that PassSec significantly reduces the number of logins on websites where password entry is unsafe.

show abstract

Reducing Risky Security Behaviours: Utilising Affective Feedback to Educate Users

Cited by 13 publications

References 22 publications

Encouraging Employee Engagement With Cybersecurity: How to Tackle Cyber Fatigue

Encouraging Employee Engagement With Cybersecurity: How to Tackle Cyber Fatigue

Mayall: A Framework for Desktop JavaScript Auditing and Post-Exploitation Analysis

Design and Field Evaluation of PassSec: Raising and Sustaining Web Surfer Risk Awareness

Contact Info

Product

Resources

About