影响员工易受网络攻击的因素

IF 7.3 2区 管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
J. Boritz, Chan Ge, Katharine Elizabeth Patterson
{"title":"影响员工易受网络攻击的因素","authors":"J. Boritz, Chan Ge, Katharine Elizabeth Patterson","doi":"10.2139/ssrn.4088873","DOIUrl":null,"url":null,"abstract":"We examine factors associated with employees’ susceptibility to phishing attacks in a professional services firm and a financial services firm (bank). We measure three dimensions of suspicion (skepticism, suspicion of hostility, and interpersonal trust), and three cognitive traits (risk taking propensity, cognitive (inhibitory) control, and social cognition), while controlling for demographic and work context factors. We find that these traits interact in complex ways in determining individuals’ susceptibility to phishing attacks. Bank employees are more susceptible to being phished than professional services firm employees, but within the bank, the employees with professional certificates are less susceptible to phishing attacks than other bank employees. Also, employees with self-reported responsibility for cybersecurity are less likely to be phished. These findings could be used to create a screening tool for identifying which employees are particularly susceptible to phishing attacks, to tailor training or redesign jobs to counter those susceptibilities and reduce security risk.","PeriodicalId":50486,"journal":{"name":"European Journal of Information Systems","volume":"305 1","pages":"27-60"},"PeriodicalIF":7.3000,"publicationDate":"2022-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Factors Affecting Employees' Susceptibility to Cyber-Attacks\",\"authors\":\"J. Boritz, Chan Ge, Katharine Elizabeth Patterson\",\"doi\":\"10.2139/ssrn.4088873\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We examine factors associated with employees’ susceptibility to phishing attacks in a professional services firm and a financial services firm (bank). We measure three dimensions of suspicion (skepticism, suspicion of hostility, and interpersonal trust), and three cognitive traits (risk taking propensity, cognitive (inhibitory) control, and social cognition), while controlling for demographic and work context factors. We find that these traits interact in complex ways in determining individuals’ susceptibility to phishing attacks. Bank employees are more susceptible to being phished than professional services firm employees, but within the bank, the employees with professional certificates are less susceptible to phishing attacks than other bank employees. Also, employees with self-reported responsibility for cybersecurity are less likely to be phished. These findings could be used to create a screening tool for identifying which employees are particularly susceptible to phishing attacks, to tailor training or redesign jobs to counter those susceptibilities and reduce security risk.\",\"PeriodicalId\":50486,\"journal\":{\"name\":\"European Journal of Information Systems\",\"volume\":\"305 1\",\"pages\":\"27-60\"},\"PeriodicalIF\":7.3000,\"publicationDate\":\"2022-07-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"European Journal of Information Systems\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.2139/ssrn.4088873\",\"RegionNum\":2,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Journal of Information Systems","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.2139/ssrn.4088873","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 1

摘要

我们研究了与专业服务公司和金融服务公司(银行)员工对网络钓鱼攻击的易感性相关的因素。我们测量了怀疑的三个维度(怀疑、敌意怀疑和人际信任)和三个认知特征(冒险倾向、认知(抑制)控制和社会认知),同时控制了人口统计学和工作环境因素。我们发现,这些特征以复杂的方式相互作用,决定了个体对网络钓鱼攻击的易感性。银行员工比专业服务公司员工更容易受到网络钓鱼的攻击,但在银行内部,拥有专业证书的员工比其他银行员工更不容易受到网络钓鱼攻击。此外,自我报告对网络安全负责的员工不太可能受到网络钓鱼。这些发现可以用来创建一个筛选工具,以确定哪些员工特别容易受到网络钓鱼攻击,定制培训或重新设计工作,以应对这些脆弱性,降低安全风险。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Factors Affecting Employees' Susceptibility to Cyber-Attacks
We examine factors associated with employees’ susceptibility to phishing attacks in a professional services firm and a financial services firm (bank). We measure three dimensions of suspicion (skepticism, suspicion of hostility, and interpersonal trust), and three cognitive traits (risk taking propensity, cognitive (inhibitory) control, and social cognition), while controlling for demographic and work context factors. We find that these traits interact in complex ways in determining individuals’ susceptibility to phishing attacks. Bank employees are more susceptible to being phished than professional services firm employees, but within the bank, the employees with professional certificates are less susceptible to phishing attacks than other bank employees. Also, employees with self-reported responsibility for cybersecurity are less likely to be phished. These findings could be used to create a screening tool for identifying which employees are particularly susceptible to phishing attacks, to tailor training or redesign jobs to counter those susceptibilities and reduce security risk.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
European Journal of Information Systems
European Journal of Information Systems 工程技术-计算机:信息系统
CiteScore
23.10
自引率
4.20%
发文量
52
审稿时长
>12 weeks
期刊介绍: The European Journal of Information Systems offers a unique European perspective on the theory and practice of information systems for a global readership. We actively seek first-rate articles that offer a critical examination of information technology, covering its effects, development, implementation, strategy, management, and policy.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信