{"title":"影响员工易受网络攻击的因素","authors":"J. Boritz, Chan Ge, Katharine Elizabeth Patterson","doi":"10.2139/ssrn.4088873","DOIUrl":null,"url":null,"abstract":"We examine factors associated with employees’ susceptibility to phishing attacks in a professional services firm and a financial services firm (bank). We measure three dimensions of suspicion (skepticism, suspicion of hostility, and interpersonal trust), and three cognitive traits (risk taking propensity, cognitive (inhibitory) control, and social cognition), while controlling for demographic and work context factors. We find that these traits interact in complex ways in determining individuals’ susceptibility to phishing attacks. Bank employees are more susceptible to being phished than professional services firm employees, but within the bank, the employees with professional certificates are less susceptible to phishing attacks than other bank employees. Also, employees with self-reported responsibility for cybersecurity are less likely to be phished. These findings could be used to create a screening tool for identifying which employees are particularly susceptible to phishing attacks, to tailor training or redesign jobs to counter those susceptibilities and reduce security risk.","PeriodicalId":50486,"journal":{"name":"European Journal of Information Systems","volume":"305 1","pages":"27-60"},"PeriodicalIF":7.3000,"publicationDate":"2022-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Factors Affecting Employees' Susceptibility to Cyber-Attacks\",\"authors\":\"J. Boritz, Chan Ge, Katharine Elizabeth Patterson\",\"doi\":\"10.2139/ssrn.4088873\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We examine factors associated with employees’ susceptibility to phishing attacks in a professional services firm and a financial services firm (bank). We measure three dimensions of suspicion (skepticism, suspicion of hostility, and interpersonal trust), and three cognitive traits (risk taking propensity, cognitive (inhibitory) control, and social cognition), while controlling for demographic and work context factors. We find that these traits interact in complex ways in determining individuals’ susceptibility to phishing attacks. Bank employees are more susceptible to being phished than professional services firm employees, but within the bank, the employees with professional certificates are less susceptible to phishing attacks than other bank employees. Also, employees with self-reported responsibility for cybersecurity are less likely to be phished. These findings could be used to create a screening tool for identifying which employees are particularly susceptible to phishing attacks, to tailor training or redesign jobs to counter those susceptibilities and reduce security risk.\",\"PeriodicalId\":50486,\"journal\":{\"name\":\"European Journal of Information Systems\",\"volume\":\"305 1\",\"pages\":\"27-60\"},\"PeriodicalIF\":7.3000,\"publicationDate\":\"2022-07-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"European Journal of Information Systems\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.2139/ssrn.4088873\",\"RegionNum\":2,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Journal of Information Systems","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.2139/ssrn.4088873","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Factors Affecting Employees' Susceptibility to Cyber-Attacks
We examine factors associated with employees’ susceptibility to phishing attacks in a professional services firm and a financial services firm (bank). We measure three dimensions of suspicion (skepticism, suspicion of hostility, and interpersonal trust), and three cognitive traits (risk taking propensity, cognitive (inhibitory) control, and social cognition), while controlling for demographic and work context factors. We find that these traits interact in complex ways in determining individuals’ susceptibility to phishing attacks. Bank employees are more susceptible to being phished than professional services firm employees, but within the bank, the employees with professional certificates are less susceptible to phishing attacks than other bank employees. Also, employees with self-reported responsibility for cybersecurity are less likely to be phished. These findings could be used to create a screening tool for identifying which employees are particularly susceptible to phishing attacks, to tailor training or redesign jobs to counter those susceptibilities and reduce security risk.
期刊介绍:
The European Journal of Information Systems offers a unique European perspective on the theory and practice of information systems for a global readership. We actively seek first-rate articles that offer a critical examination of information technology, covering its effects, development, implementation, strategy, management, and policy.