Training to Mitigate Phishing Attacks Using Mindfulness Techniques

Jensen, Matthew L.; Dinger, Michael; Wright, Ryan; Thatcher, Jason Bennett

doi:10.1080/07421222.2017.1334499

Cited by 144 publications

(98 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, ISec research has turned to collective intelligence via knowledge management systems to leverage the human element by creating human firewalls in identifying malicious email [20]. Leveraging humans and engaging them as an effective countermeasure has proven elusive since it requires them to pay attention to information security warnings, phishing emails, information security training, and notifications [21,36,45,48,49].…”

Section: Attention To Cybersecuritymentioning

confidence: 99%

“…Cybersecurity mindfulness and suspicion have both been shown to increase the identification of cyberattacks. Jensen et al [21] showed that training individuals in phishing mindfulness increases their ability to avoid falling victim to phishing attacks. Gay et al [14] found increasing suspicion in military drone vehicles lead to an improvement in identifying and mitigating cyber-attacks on the systems running the drones.…”

Section: Research Modelmentioning

confidence: 99%

“…Information security research (ISec) has identified the criticality of studying human compliance behavior in cybersecurity ecosystems [8]. ISec research studied human compliance using a rich theoretical base such as deterrence [10,39], motivation [7,23], fear [22], accountability [44], and mindfulness [21]. Interestingly, there has been little research attention directed at the role of trust in human compliance in the context of cybersecurity.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Can Trust be Trusted in Cybersecurity?

Pienta¹,

Tams²,

Thatcher³

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Human compliance in cybersecurity continues to be a persistent problem for organizations. This researchin-progress advances theoretical understanding of the negative effects of trust formed between individuals and the cybersecurity function (i.e., those responsible for protection), cybersecurity system (i.e., the protective technologies), and organization (i.e., those verifying (e.g., hiring, championing, vouching.) the cybersecurity department) that leads to suboptimal compliance behaviors. In contrast to the current information security literature that focuses on how organizations can induce compliance, this study begins to provide understanding into the degradation of compliance through organizational actions. Additionally, understanding is provided on how to combat the negative effects of trust. An integrated model is conceptualized using the theories of trust and attention. This model provides the theoretical foundation to study the role of dark side trust in the context of cybersecurity and provides initial mechanisms to reduce it. By developing this conceptualization of dark side trust and model, this study contributes to the general study of trust in information systems research outside of the domain of cybersecurity.

show abstract

Section: Attention To Cybersecuritymentioning

confidence: 99%

Section: Research Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Can Trust be Trusted in Cybersecurity?

Pienta¹,

Tams²,

Thatcher³

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Some don't understand the security threat or believe in the probability of real danger. Often security managers try to address this with education (Deceth, 2013;Jensen, Dinger, Wright & Thatcher, 2017; USPS Office of Inspector General, 2015; Thomas J. E., 2018). Adult education, though, requires special skills and assessment techniques tailored to adult learning styles as well as understanding the motivations causing the behavior (Thomas & Hornsey, 2014).…”

Section: Challenges In Addressing the Ransomware Problemmentioning

confidence: 99%

Enterprise Cybersecurity: Investigating and Detecting Ransomware Infections Using Digital Forensic Techniques

Thomas¹,

Galligher²,

Thomas³

et al. 2019

CIS

View full text Add to dashboard Cite

As the world continues to grow and embrace technology ransomware is growing problem. When ransomware encrypts storage sytems, systems shutdown, productivity grinds to a halt, and serious long-term damage takes place. As this is a known problem many firms have developed functionality to address ransomware issues in key security technologies such as intrusion protection systems. Many firms, especially smaller ones, may not have access to these technologies or perhaps the integration of these technologies might not yet be possible due ot varying circumstances. Regardless, ransomware must still be addressed as cyber miscreants actually target weak and unprotected environment. Even without tools that automate and aggregrate security capability, systems administrators can use systems utilities, applications, and digital forensic techniques to detect ransomware and defend their environemnts. This paper explores the literature regarding ransomware attacks, discusses current issues on how ransomware might be addressed, and presents recommendations to detect and investigate ransomware infection.

show abstract

“…Estimates place greater than 80% of organizations as having experienced phishing attacks (Derouet, 2016). These attacks result in billions of dollars in losses annually (Goel, Williams, & Dincelli, 2017;Jensen, Dinger, Wright, & Thatcher, 2017). While many resources have been brought to bear in the face of this problem, phishing attacks continue to grow in frequency (Greenwald, 2016).…”

Section: Introductionmentioning

confidence: 99%

Individual Cyber Security: Empowering Employees to Resist Spear Phishing to Prevent Identity Theft and Ransomware Attacks

Thomas¹

2018

IJBM

View full text Add to dashboard Cite

One of the most difficult challenges in information security today is phishing. Phishing is a difficult problem to address because there are many permutations, messages, and value propositions that can be sent to targets. Spear phishing is also associated with social engineering, which can be difficult for even trained or savvy employees to detect. This makes the user the critical point of entry for miscreants seeking to perpetrate cyber crimes such as identity theft and ransomware propagation, which cause billions of dollars in losses each year. Researchers are exploring many avenues to address this problem, including educating users and making them aware of the repercussions of becoming victims of phishing. The purpose of this study was to interview security professionals to gain better insight on preventing users and employees from succumbing to phishing attack. Seven subject-matter experts were interviewed, revealing nine themes describing traits that identify users as vulnerable to attack or strongly resistive to attack, as well as training suggestions to empower users to resist spear phishing attacks. Suggestions are made for practitioners in the field and future research.

show abstract

Training to Mitigate Phishing Attacks Using Mindfulness Techniques

Cited by 144 publications

References 62 publications

Can Trust be Trusted in Cybersecurity?

Can Trust be Trusted in Cybersecurity?

Enterprise Cybersecurity: Investigating and Detecting Ransomware Infections Using Digital Forensic Techniques

Individual Cyber Security: Empowering Employees to Resist Spear Phishing to Prevent Identity Theft and Ransomware Attacks

Contact Info

Product

Resources

About